Jul 1, 2024

New regreSSHion OpenSSH RCE bug gives root on Linux servers

Posted by in category: computing

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed “regreSSHion” gives root privileges on glibc-based Linux systems.

OpenSSH is a suite of networking utilities based on the Secure Shell (SSH) protocol. It is extensively used for secure remote login, remote server management and administration, and file transfers via SCP and SFTP.

The flaw, discovered by researchers at Qualys in May 2024 and assigned the identifier CVE-2024-6387, is due to a signal handler race condition in sshd that allows unauthenticated remote attackers to execute arbitrary code as root.
