Related vulnerability
Title: OpenSSH security vulnerability (CVE-2024-6387)
Description: OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from Canada's OpenBSD project for securely accessing remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic, effectively preventing eavesdropping, connection hijacking and other network-level attacks. OpenSSH contains a security vulnerability caused by a race condition in a signal handler; an attacker can exploit it to execute arbitrary code remotely without authentication and gain control of the system.
Description
Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.
Introduction
OpenSSH CVE-2024-6387 Vulnerability Checker
This Python script checks whether servers are running a version of OpenSSH that is susceptible to CVE-2024-6387. It scans the specified IP addresses or network ranges for the OpenSSH banner and compares the advertised version against the known vulnerable versions.
🚨🚨Security Alert Notification🚨🚨
Release Date: July 1, 2024
Vulnerability Details
According to Bharat Jogi, Senior Director of the Qualys Threat Research Unit, the vulnerability is a signal handler race condition affecting glibc-based Linux systems running sshd in its default configuration. The issue, dubbed "regreSSHion," is a regression of a previously patched vulnerability (CVE-2006-5051) that reappeared in OpenSSH 8.5p1, released in October 2020.
Affected Packages
The following versions of OpenSSH are affected by this vulnerability:
- 8.5p1 to 9.7p1
- Versions prior to 4.4p1 are also affected unless patched for CVE-2006-5051 and CVE-2008-4109
Note that OpenBSD systems are not affected by this vulnerability due to built-in security mechanisms.
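The banner-matching step the checker performs, written here as an added example rather than the repository's own check.py: it parses the OpenSSH identification string and classifies it against the affected version ranges listed above. The sample banners are constructed, and grab_banner is an assumed helper name for a plain socket read of the server identification line.

```python
import re
import socket
from typing import Optional, Tuple

# Version window stated in the advisory: 8.5p1 through 9.7p1 (the regression),
# plus anything older than 4.4p1 (the original CVE-2006-5051 bug).
REGRESSION_FIRST = (8, 5)
REGRESSION_LAST = (9, 7)
PRE_2006_FIX = (4, 4, 1)

# Server identification string, e.g. "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13".
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from an SSH banner, or None if it is not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def classify_banner(banner: str) -> str:
    """Map a banner to 'vulnerable', 'patched' or 'unknown' using the advisory's ranges.

    Caveat: distributions often backport the fix without changing the banner
    version, so 'vulnerable' means 'version string in the affected range',
    not 'confirmed exploitable'. Check the package changelog before acting.
    """
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"  # not OpenSSH (e.g. Dropbear) or an unparsable banner
    major, minor, _ = version
    if REGRESSION_FIRST <= (major, minor) <= REGRESSION_LAST:
        return "vulnerable"
    if version < PRE_2006_FIX:
        return "vulnerable"
    return "patched"


def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Read the identification line; sshd sends it before any client data (assumed helper)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(256).decode("utf-8", errors="replace").split("\n", 1)[0]


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for b in ["SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "SSH-2.0-OpenSSH_9.8p1",
              "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3", "SSH-2.0-OpenSSH_4.3p2",
              "SSH-2.0-dropbear_2022.83"]:
        print(f"{b!r:45} -> {classify_banner(b)}")
```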
Attack Method
This vulnerability arises from a signal handler race condition, which is exploited as follows:
- If the client does not authenticate within 120 seconds, sshd's SIGALRM handler is called asynchronously in a manner that is not async-signal-safe.
- Successful exploitation leads to a full system compromise and takeover, allowing the attacker to execute arbitrary code with the highest privileges, bypass security mechanisms, steal data, and maintain persistent access.
Remediation Recommendations
To mitigate this vulnerability, we recommend the following actions:
1. Update OpenSSH Immediately: Update OpenSSH to the latest version (9.8p1) to fix this vulnerability.
2. Strengthen SSH Access Controls: Limit SSH access through network-based controls and implement network segmentation to restrict unauthorized access and lateral movement.
References
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://thecyberthrone.in/2024/07/01/regresshion-vulnerability-cve-2024-6387/
https://securityaffairs.com/165087/security/openssh-server-critical-flaw.html
https://www.bleepingcomputer.com/news/security/new-regresshion-openssh-rce-bug-gives-root-on-linux-servers/
https://www.theregister.com/2024/07/01/regresshion_openssh/
File snapshot
[4.0K] /data/pocs/79abac96ba4b442732fef7c5ef89efe652215371
├── [4.3K] CVE-2024-6387 check.py
├── [4.8K] CVE-2024-6387 POC.py
└── [2.7K] README.md
0 directories, 3 files
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.