A serious vulnerability has been discovered in OpenSSH

Dear clients,

A serious vulnerability has been discovered in OpenSSH (CVE-2024-6387), allowing remote command execution without authentication. Known as "regreSSHion," this vulnerability is caused by an error in signal handling. It affects OpenSSH versions prior to 4.4p1 if patches for CVE-2006-5051 and CVE-2008-4109 were not applied, and versions from 8.5p1 to 9.8p1 due to the removal of a critical security component. Versions from 4.4p1 to 8.5p1 are protected due to a previously released patch, and OpenBSD is not affected due to a secure mechanism developed in 2001. This vulnerability allows an attacker to send a specially crafted packet that results in arbitrary code execution on the server without authentication, making it particularly dangerous for remote attacks.

 

Vulnerable Versions:


- OpenSSH versions prior to 4.4p1
- Versions from 8.5p1 to 9.8p1

 

Not Vulnerable:


- Versions from 4.4p1 to 8.5p1
- Version 9.8p1
- OpenBSD

 

How to Check:

Run

ssh -V

to check your OpenSSH version. If your version is within the vulnerable range, you need to update.
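
As an added example (not part of the original advisory), the shell function below sorts an ssh -V banner into the version ranges listed above. It assumes the boundaries given in the Qualys advisory linked at the end of this notice (8.5p1 is in the vulnerable range, 9.8p1 is fixed); the function name, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSH banner against the CVE-2024-6387 ranges.
# Assumed boundaries: <4.4p1 vulnerable if unpatched, 4.4p1..<8.5p1 not vulnerable,
# 8.5p1..<9.8p1 vulnerable, >=9.8p1 not vulnerable.

# Prints: vulnerable-if-unpatched | not-vulnerable | vulnerable-range | unknown
classify_openssh() {
    # Extract MAJOR.MINOR from e.g. "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    minor=${ver#*.}
    n=$((major * 100 + minor))   # 8.5 -> 805, 9.8 -> 908
    if [ "$n" -lt 404 ]; then echo vulnerable-if-unpatched
    elif [ "$n" -lt 805 ]; then echo not-vulnerable
    elif [ "$n" -lt 908 ]; then echo vulnerable-range
    else echo not-vulnerable
    fi
}

# Constructed sample banners (not taken from real hosts)
for banner in \
    "OpenSSH_4.3p2, OpenSSL 0.9.8e" \
    "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" \
    "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2" \
    "OpenSSH_9.8p1, OpenSSL 3.3.1"
do
    printf '%-50s %s\n' "$banner" "$(classify_openssh "$banner")"
done

# Local check: ssh -V writes its banner to stderr, so redirect it
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1 || true)
    printf 'local: %s -> %s\n' "$local_banner" "$(classify_openssh "$local_banner")"
fi
```

Distributions often backport the fix without changing the upstream version number, so a vulnerable-range result means checking the installed package revision against your vendor's advisory.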

 

Recommended Actions:


- Update OpenSSH to the latest version if your current version is within the vulnerable range.
- Restrict SSH access to trusted IP addresses using firewall rules.

 

Updating OpenSSH on Linux Servers:


- Ubuntu/Debian: Run sudo apt-get update && sudo apt-get upgrade openssh-server
- CentOS/RHEL: Run sudo yum update openssh-server
- Fedora: Run sudo dnf update openssh-server

 

In some distributions, the standard repositories do not contain the latest version of OpenSSH. In such cases, you should follow the instructions from your distribution provider to update OpenSSH to a secure version. Example for Rocky Linux 9: https://rockylinux.org/news/2024-07-01-openssh-sigalrm-regression

 

For more information, visit the following sources:

https://rockylinux.org/news/2024-07-01-openssh-sigalrm-regression
https://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

 

If you have any questions or need assistance, please contact our technical support. You can create a request from your personal account https://cp.zomro.com or send an email to [email protected]. We are ready to help you at any time.