
CVE-2024-6387: openssh

Title

CVE-2024-6387: regreSSHion: remote code execution (RCE) in OpenSSH server, exploitable at least on glibc-based Linux systems

Summary

As discovered by Qualys and summarized by OpenSSH upstream:

A critical vulnerability in sshd(8) was present in Portable OpenSSH versions 8.5p1 [to] 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.

Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.

Public disclosure date: July 1, 2024

EL9

  • Fixed in version: 8.7p1-38.el9_4.security.0.5 available July 1, 2024

EL8

  • Unaffected

Mitigation

Set LoginGraceTime 0 in /etc/ssh/sshd_config, then restart the service with systemctl restart sshd.

A drawback of this mitigation is that it makes the SSH server more susceptible to denial-of-service attacks.
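
One way to confirm that the mitigation above is actually in effect on a host, as an added example that is not part of the original advisory. It assumes the version banner comes from ssh -V and the effective configuration from sshd -T run as root; the function names and verdict strings are this example's own.

```shell
#!/bin/sh
# Added example: triage one host for CVE-2024-6387.
#   $1    = version banner, e.g. from `ssh -V 2>&1` (assumed to match the server build)
#   stdin = effective server config, e.g. from `sshd -T` run as root
# Function names and verdict strings are this example's own.

# Exit 0 if the upstream version is 8.5p1..9.7p1 inclusive, 1 if outside, 2 if unparseable.
in_affected_range() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                       # $1 = major, $2 = minor
    n=$(( $1 * 100 + $2 ))
    [ "$n" -ge 805 ] && [ "$n" -le 907 ]
}

# Print the effective LoginGraceTime from `sshd -T` output; exit 1 if absent.
effective_grace() {
    awk 'tolower($1) == "logingracetime" { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

assess() {
    grace=$(effective_grace) || grace=unknown
    rc=0
    in_affected_range "$1" || rc=$?
    case "$rc" in
        0)  if [ "$grace" = "0" ]; then
                echo "mitigated"              # LoginGraceTime 0 is in effect
            else
                # Distro builds can carry a backported fix under an in-range
                # upstream version, so confirm the package release as well.
                echo "in-range-unmitigated"
            fi ;;
        1)  echo "outside-range" ;;
        *)  echo "unknown-version" ;;
    esac
}

# Constructed sample input, not captured from a real host.
printf 'port 22\nlogingracetime 120\n' |
    assess 'OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022'
```

On a live system the call would be sshd -T | assess "$(ssh -V 2>&1)". The fixed EL9 build listed above still reports 8.7p1, so an in-range-unmitigated verdict there means the package release has to be checked against the fixed version.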