Recently, security researchers uncovered a critical vulnerability, dubbed "regreSSHion" (CVE-2024-6387), within the widely-used OpenSSH secure communication tool. This flaw poses a significant risk, potentially enabling remote attackers to execute malicious code on affected systems. This article details the vulnerability and provides essential mitigation steps.
Understanding the regreSSHion (CVE-2024-6387) Vulnerability
The Qualys Threat Research Unit (TRU) discovered regreSSHion, an unauthenticated Remote Code Execution (RCE) vulnerability in the OpenSSH server (sshd) component. This critical flaw, impacting Linux systems utilizing glibc, allows attackers to achieve root privileges without any user interaction. Remarkably, this is the first major OpenSSH vulnerability in nearly two decades.
Affected OpenSSH Versions
OpenSSH versions earlier than 4.4p1 and versions 8.5p1 through 9.7p1 are susceptible to this vulnerability; 9.8p1 is not.
OpenSSH 9.8: The Solution
Released on July 1, 2024, OpenSSH 9.8 directly addresses the regreSSHion vulnerability and another security issue:
1. Race Condition in sshd(8)
The regreSSHion vulnerability in sshd(8) (versions 8.5p1 through 9.7p1) allows for arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR enabled. While 64-bit exploitation is considered feasible, it remains unconfirmed. Importantly, OpenBSD systems are unaffected. This vulnerability was reported by the Qualys Security Advisory Team.
2. Logic Error in ssh(1) ObscureKeystrokeTiming
OpenSSH versions 9.5 through 9.7 contained a logic error in the ssh(1) ObscureKeystrokeTiming feature, rendering it ineffective. This allowed passive observation of network packets to reveal keystroke timing information, compromising a long-standing security measure against timing attacks. This flaw was independently discovered by Philippos Giavridis and researchers from the University of Cambridge Computer Lab.
Securing Your System
Immediate updating to OpenSSH 9.8 or a later version is crucial. This update resolves both vulnerabilities. Many Linux distributions already include the patched version in their default repositories. Use the following commands to update (adapt commands to your specific distribution):
    # Alpine Linux
    sudo apk update && sudo apk upgrade openssh

    # Arch Linux
    sudo pacman -Syu openssh

    # Debian-based (Debian, Ubuntu)
    sudo apt update && sudo apt upgrade openssh-server

    # Red Hat-based (RHEL, CentOS, Fedora)
    # check-update exits with status 100 when updates are pending,
    # so it must not be chained to the update with &&
    sudo dnf check-update; sudo dnf update openssh-server

    # Older RHEL/CentOS (same exit-status behaviour as dnf)
    sudo yum check-update; sudo yum update openssh-server

    # SUSE-based (openSUSE, SLES)
    sudo zypper refresh && sudo zypper update openssh
Verify the update by running: ssh -V
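The version string printed by ssh -V, or the banner an SSH server sends, can be checked against the affected ranges given above. The following is an added example, not part of the original article or of OpenSSH; the function names openssh_version and regresshion_status and the sample strings are this example's own.

```shell
#!/bin/sh
# Classify an OpenSSH version string against the ranges stated in this
# article: earlier than 4.4p1, or 8.5p1 through 9.7p1.
# Caveat: distribution packages often carry the fix as a backport without
# changing the upstream version number, so "affected" means "check the
# distribution's advisory for this package revision", not proof of exposure.

# Extract "MAJOR.MINOR" from strings such as
#   "OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13"   (ssh -V output)
#   "SSH-2.0-OpenSSH_8.9p1"                             (server banner)
# Prints nothing when the string does not name an OpenSSH version.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "affected", "not-affected" or "unknown" for a version string.
regresshion_status() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    minor=${ver#*.}
    # Encode as major*100+minor so that e.g. 9.10 sorts after 9.8.
    n=$((major * 100 + minor))
    if [ "$n" -lt 404 ]; then
        echo affected            # earlier than 4.4p1
    elif [ "$n" -ge 805 ] && [ "$n" -le 907 ]; then
        echo affected            # 8.5p1 through 9.7p1
    else
        echo not-affected
    fi
}

# Constructed sample inputs (not captured from real hosts).
for s in 'OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13' \
         'SSH-2.0-OpenSSH_9.8p1' \
         'OpenSSH_4.3p2' \
         'dropbear_2022.83'; do
    printf '%-48s %s\n' "$s" "$(regresshion_status "$s")"
done
```

To check the local binary, pass it the output of ssh -V, which is written to standard error: regresshion_status "$(ssh -V 2>&1)".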
Key Findings
OpenSSH 9.8, released July 1, 2024, patches two critical vulnerabilities:
Summary
The regreSSHion vulnerability marks the first major OpenSSH flaw in approximately 20 years, highlighting the continuous need for security updates. Immediate upgrading to OpenSSH 9.8 is strongly recommended.