FunkyBuddha
Posted July 2, 2024 (#1)

A critical vulnerability in OpenSSH (regreSSHion) allows attackers full access to servers! Millions at risk. Learn how to patch your server and protect yourself from this remote code execution attack.

A high-severity vulnerability named “regreSSHion” has been discovered in OpenSSH servers, posing a significant threat to millions of systems worldwide. This vulnerability allows for remote unauthenticated code execution (RCE), meaning an attacker could take complete control of a vulnerable server without any login credentials.

Technical Details:

Dubbed RegreSSHion (CVE-2024-6387) by cybersecurity researchers at Qualys, it is a flaw within the signal handler of the OpenSSH server daemon (SSHD). A signal handler is a function within a program designed to handle specific signals sent by the operating system. In this case, the vulnerability arises due to a race condition within the signal handler. A race condition occurs when the outcome of a program depends on the unpredictable timing of events. In regreSSHion, a malicious actor can exploit this race condition to inject and execute arbitrary code on the server during the SSH client authentication process.

Info: https://hackread.com/regresshion-vulnerability-openssh-exposes-servers/
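
The signal-handler race described in the post, shown from the defensive side as an added example (not part of the original post and not OpenSSH source code): a handler that does non-reentrant work next to one that only sets a flag and leaves the work to the main flow. All function names are hypothetical, and the timeout signal delivered with `raise()` is a constructed stand-in for a timer firing during authentication.

```c
#include <signal.h>
#include <stdio.h>

/* Only type that is guaranteed safe to write from a signal handler. */
static volatile sig_atomic_t grace_expired = 0;
static int cleanup_runs = 0;

/* UNSAFE pattern (shown for contrast, never installed): stdio, malloc/free
 * and similar routines are not async-signal-safe. If the signal arrives
 * while the main flow is inside the same routine, its internal state is
 * half-updated when the handler re-enters it. That window is the race. */
static void unsafe_timeout_handler(int sig) {
    (void)sig;
    fprintf(stderr, "timeout before authentication\n");
}

/* SAFE pattern: record that the event happened, nothing else. */
static void safe_timeout_handler(int sig) {
    (void)sig;
    grace_expired = 1;
}

/* Runs in normal context, where logging and freeing memory are safe. */
static void handle_expiry(void) {
    cleanup_runs++;
    fprintf(stderr, "timeout before authentication, closing session\n");
}

/* Simulates one pre-authentication session whose timer fires.
 * Returns 1 if the expiry was processed exactly once, outside the handler.
 * Production code would install the handler with sigaction(). */
int run_session_demo(void) {
    (void)unsafe_timeout_handler;          /* referenced only for contrast */
    if (signal(SIGALRM, safe_timeout_handler) == SIG_ERR)
        return -1;
    grace_expired = 0;
    cleanup_runs = 0;
    raise(SIGALRM);                        /* constructed: timer fires */
    for (int step = 0; step < 3; step++) { /* main loop polls the flag */
        if (grace_expired) {
            grace_expired = 0;
            handle_expiry();
        }
    }
    return cleanup_runs == 1;
}

int main(void) { return run_session_demo() == 1 ? 0 : 1; }
```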