Patch your servers! It's time for regreSSHion

Jul 3, 2024

The OpenSSH vulnerability CVE-2024-6387 allows an unauthenticated attacker to achieve remote code execution (RCE) with root access on the host machine.

Vulnerable OpenSSH versions, based on the Qualys advisory:

- OpenSSH < 4.4p1 is vulnerable to this signal handler race condition,
  if not backport-patched against CVE-2006-5051, or not patched against
  CVE-2008-4109, which was an incorrect fix for CVE-2006-5051;

- 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable to this signal handler race
  condition (because the "#ifdef DO_LOG_SAFE_IN_SIGHAND" that was added
  to sigdie() by the patch for CVE-2006-5051 transformed this unsafe
  function into a safe _exit(1) call);

- 8.5p1 <= OpenSSH < 9.8p1 is vulnerable again to this signal handler
  race condition (because the "#ifdef DO_LOG_SAFE_IN_SIGHAND" was
  accidentally removed from sigdie()).

Ubuntu CVE tracker: https://ubuntu.com/security/CVE-2024-6387
(FYI: "Released" means that this version includes a fix for the CVE.)
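
To triage a fleet against the ranges above, the following added example (not from the original post or the Qualys advisory) classifies an SSH banner or `ssh -V` string by upstream version. The function names, status labels and sample banners are constructed for illustration. A hit in a vulnerable range is only a prompt to check the distribution's tracker, because backported fixes do not change the upstream version string.

```python
import re

# Boundaries from the ranges quoted above, as (major, minor, patch, portable) tuples.
SAFE_FROM = (4, 4, 0, 1)       # 4.4p1: sigdie() reduced to a safe _exit(1)
REGRESSED_FROM = (8, 5, 0, 1)  # 8.5p1: the #ifdef was accidentally removed
FIXED_FROM = (9, 8, 0, 1)      # 9.8p1: first version outside the listed ranges

# The quoted ranges are all portable ("pN") releases, so the suffix is required;
# a banner without it is reported as "unknown" rather than guessed at.
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?p(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, portable) or None if not portable OpenSSH."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch, portable = m.groups()
    return (int(major), int(minor), int(patch or 0), int(portable))


def classify(banner):
    """Map a banner to one of the ranges listed in the advisory."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version < SAFE_FROM:
        # Vulnerable unless patched for CVE-2006-5051 / CVE-2008-4109.
        return "old-range"
    if version < REGRESSED_FROM:
        return "safe-range"
    if version < FIXED_FROM:
        # Vulnerable by upstream version; confirm the package's patch status.
        return "regression-range"
    return "fixed-or-later"


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for sample in ("SSH-2.0-OpenSSH_8.9p1 Debian-example",
                   "SSH-2.0-OpenSSH_7.4p1",
                   "OpenSSH_4.3p2",
                   "OpenSSH_9.8p1",
                   "SSH-2.0-OpenSSH_9.7"):
        print(f"{sample:40} {classify(sample)}")
```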

For more details, check the following articles:

- regreSSHion: RCE Vulnerability in OpenSSH (CVE-2024-6387):
  Learn about regreSSHion, the high severity RCE vulnerability (CVE-2024-6387) in OpenSSH, its impact, and protection measures

- OpenSSH Vulnerability: CVE-2024-6387 FAQs and Resources | Qualys, Inc.:
  Discover what the OpenSSH vulnerability, CVE-2024-6387, is as well as resources and tools to help detect and mitigate vulnerabilities in your network.


Polish speakers can also check Mateusz Chrobok's YT short:



Krzysztof Wiatrzyk
