A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed “regreSSHion” gives root privileges on glibc-based Linux systems.
OpenSSH is a suite of networking utilities based on the Secure Shell (SSH) protocol. It is extensively used for secure remote login, remote server management and administration, and file transfers via SCP and SFTP.
The flaw, discovered by researchers at Qualys in May 2024 and assigned the identifier CVE-2024-6387, is due to a signal handler race condition in sshd that allows unauthenticated remote attackers to execute arbitrary code as root.