Tuesday, July 02, 2024

regreSSion: A High-Severity OpenSSH Vulnerability (CVE-2024-6387)

What is CVE-2024-6387?


CVE-2024-6387, also nicknamed "regreSSion," is a critical vulnerability in OpenSSH's server software (sshd) that allows for remote unauthenticated code execution (RCE) on affected systems. This means an attacker could potentially take complete control of your machine without ever needing valid login credentials.

The vulnerability stems from a signal handler race condition within OpenSSH. When a client fails to authenticate within a specific timeframe, the server triggers a signal handler, which runs asynchronously. Crucially, some functions called from that handler are not safe to call from a signal handler (they are not async-signal-safe): if the signal arrives while the interrupted code is partway through updating shared state, the process can be left in an inconsistent state and behave unexpectedly. On certain glibc-based Linux systems, this can be exploited for RCE.

Who discovered it?

The Qualys Threat Research Unit (TRU) is credited with discovering CVE-2024-6387. Their research indicates this vulnerability has the potential to affect millions of servers.

 

How can I find out if I'm vulnerable?

There are two main ways to check if your system is vulnerable to CVE-2024-6387:

  1. Check your OpenSSH version: Vulnerable systems will be running OpenSSH versions earlier than 4.4p1, or versions from 8.5p1 up to but not including 9.8p1. You can check your version by running the following command in your terminal:
        ssh -V
  2. Consult your Linux distribution's security resources: Most Linux distributions have released advisories regarding CVE-2024-6387. These advisories will detail the specific versions affected and any available patches.
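
The version check in step 1 can be scripted so it is applied the same way on every host. The following is an added example, not code from the original post or from the OpenSSH project: the function name classify_openssh and the sample version strings are constructed for illustration, and the ranges are the ones given in step 1. A distribution can ship the fix without changing the upstream version number, so an "in-range" result still has to be checked against the advisory from step 2.

```sh
#!/bin/sh
# Added example: classify an OpenSSH version string against the ranges in step 1:
#   earlier than 4.4p1, or from 8.5p1 up to but not including 9.8p1.
# The version string alone cannot show a distribution backport (see step 2).

# classify_openssh "<version string>" prints: in-range | not-in-range | unknown
classify_openssh() {
    # Extract "major minor" from e.g. "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # Fold into one integer: 4.4 -> 404, 8.5 -> 805, 9.8 -> 908
    n=$((major * 100 + minor))
    if [ "$n" -lt 404 ] || { [ "$n" -ge 805 ] && [ "$n" -lt 908 ]; }; then
        echo in-range
    else
        echo not-in-range
    fi
}

# Constructed sample strings (not taken from real hosts)
demo() {
    for s in \
        "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022" \
        "OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023" \
        "OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024" \
        "OpenSSH_4.3p2, OpenSSL 0.9.8e" \
        "dropbear_2022.83"
    do
        printf '%-14s %s\n' "$(classify_openssh "$s")" "$s"
    done
}

# "--local" checks this machine with the command from step 1 (ssh -V writes to stderr)
case "${1:-}" in
    --local) classify_openssh "$(ssh -V 2>&1)" ;;
    --demo)  demo ;;
esac
```

Run it with --demo to see the constructed samples classified, or with --local to classify the version reported by ssh -V on the current machine.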

 

Open Source Tools and Patches

The good news is that patches are readily available to address CVE-2024-6387. It's crucial to update your OpenSSH server to a patched version as soon as possible. You can find the update procedure specific to your Linux distribution through its official channels.

Here are some additional resources: