CVE-2024-6387: openssh¶
Title¶
CVE-2024-6387: regreSSHion: remote code execution (RCE) in OpenSSH server, exploitable at least on glibc-based Linux systems
Summary¶
As discovered by Qualys and summarized by OpenSSH upstream:
A critical vulnerability in sshd(8) was present in Portable OpenSSH versions 8.5p1 [to] 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.
Public disclosure date: July 1, 2024
EL9¶
- Fixed in version:
8.7p1-38.el9_4.security.0.5
available July 1, 2024
EL8¶
- Unaffected
Mitigation¶
Set LoginGraceTime 0
in /etc/ssh/sshd_config
and do a systemctl restart sshd
.
A drawback of this mitigation is that it will make the SSH server more susceptible to denial of service attacks.