SIGN IN / UP
      SIGN IN / UP

      We use cookies and similar technologies necessary for the site to function. Optional cookies from third parties are used to improve our service and to provide you with personalized content and advertising if you agree. You can freely opt out here or customize your choice of optional cookies by clicking "Additional settings". Please see our privacy policy and cookies policy for more information on what data is collected and how it is shared with our partners.

      Cookies Policy
      Marketing
      These cookies may be placed on the site by our advertising partners. These companies may use them to build a profile of your interests and show relevant ads on other sites. They do not store personal information directly, but are based on the unique identification of your browser and device online. If you do not allow these cookies, you will see fewer targeted ads.
      Functional
      These cookies allow the site to provide advanced features and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not authorize the use of these cookies, some of our services may not work properly.
      Necessary
      These cookies allow us to count the number of visits and traffic sources to measure and improve the performance of our site. They help us to know which pages are the most or least popular and to see how many people are visiting the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not authorize the use of these cookies, we will not know when you have visited our site and will not be able to track its performance.
      Cookies Policy
      opened image
      • ZOMRO
      • NEWS
      • A serious vulnerability has been discovered in OpenSSH

      A serious vulnerability has been discovered in OpenSSH

      Similar articles:
      We celebrate System Administrator Day Gifts for the New Year from Zomro New VDS XXL Tariff Increase in prices since February We celebrate System Administrator Day

      Dedicated servers

      FROM €39/MONTH

      Discount -10% for the first month

      Dear clients,

      A serious vulnerability has been discovered in OpenSSH (CVE-2024-6387), allowing remote command execution without authentication. Known as "regreSSHion," this vulnerability is caused by an error in signal handling. It affects OpenSSH versions prior to 4.4p1 if patches for CVE-2006-5051 and CVE-2008-4109 were not applied, and versions from 8.5p1 to 9.8p1 due to the removal of a critical security component. Versions from 4.4p1 to 8.5p1 are protected due to a previously released patch, and OpenBSD is not affected due to a secure mechanism developed in 2001. This vulnerability allows an attacker to send a specially crafted packet that results in arbitrary code execution on the server without authentication, making it particularly dangerous for remote attacks.

       

      Vulnerable Versions:


      - OpenSSH versions prior to 4.4p1
      - Versions from 8.5p1 to 9.8p1

       

      Not Vulnerable:


      - Versions from 4.4p1 to 8.5p1
      - Version 9.8p1
      - OpenBSD

       

      How to Check:
       

      ssh -V


      to check your OpenSSH version. If your version is within the vulnerable range, you need to update.

       

      Recommended Actions:


      - Update OpenSSH to the latest version if your current version is within the vulnerable range.
      - Restrict SSH access to trusted IP addresses using firewall rules.

       

      Updating OpenSSH on Linux Servers:


      Ubuntu/Debian: Run sudo apt-get update && sudo apt-get upgrade openssh-server
      CentOS/RHEL: Run sudo yum update openssh-server
      Fedora: Run sudo dnf update openssh-server

       

      In some distributions, the standard repositories do not contain the latest version of OpenSSH. In such cases, you should follow the instructions from your distribution provider to update OpenSSH to a secure version. Example for Rocky Linux 9: https://rockylinux.org/news/2024-07-01-openssh-sigalrm-regression

       

      For more information, visit the following sources:

      https://rockylinux.org/news/2024-07-01-openssh-sigalrm-regression
      https://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/
      https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

       

      If you have any questions or need assistance, please contact our technical support. You can create a request from your personal account https://cp.zomro.com or send an email to [email protected]. We are ready to help you at any time.

      Similar articles:
      We celebrate System Administrator Day Gifts for the New Year from Zomro New VDS XXL Tariff Increase in prices since February We celebrate System Administrator Day

      Dedicated servers

      FROM €39/MONTH

      Discount -10% for the first month