
Critical RCE Vulnerability in OpenSSH (CVE-2024-6387) - The Full Playbook

Submitted by
Style Pass
2024-07-02 09:00:04

OpenSSH security made front-page news two months ago with the shocking discovery of the xz-utils zero-day vulnerability, which targeted the OpenSSH binary to gain backdoor access to Linux-based operating systems. OpenSSH is used as a first (and only!) line of defense for millions of servers all over the internet—so it represents a high-value target for attackers. In short: its security is a big deal.

Today, OpenSSH is back in the headlines with a zero-day vulnerability (dubbed 'RegreSSHion' by Qualys, who were the first to release a security advisory with details on the findings) that is shaping up to be a doozy, enabling Remote Code Execution in OpenSSH servers. As this story unfolds, we’d like to provide a quick TL;DR of the impact of the vulnerability, how it can be exploited, and how you can protect your environment if you employ this wildly popular open source protocol (and who isn’t?!).

The vulnerability is a signal handler race condition in OpenSSH's server (sshd). OpenSSH is a widely-used suite of secure networking utilities based on the Secure Shell (SSH) protocol, providing encrypted communication over unsecured networks. In the context of this vulnerability, if a client fails to authenticate within a specified period (LoginGraceTime), which defaults to 120 seconds, the server's signal handler is triggered to handle the timeout. 
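To see which timeout window applies on a given host, the following added example (not code from the article or from OpenSSH) reads an sshd_config and reports the LoginGraceTime in effect. The function names and the sample configuration are constructed for illustration, and the sketch assumes a single file: it does not follow `Include` directives and stops at the first `Match` block.

```python
import re

DEFAULT_GRACE = 120  # seconds; the default stated in the article
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd_config time value ('90', '2m', '1h30m') to seconds."""
    value = value.lower()
    parts = re.findall(r"(\d+)([smhdw]?)", value)
    # Reject anything that is not made up purely of <number><unit> groups.
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def effective_grace(config_text):
    """Return the global LoginGraceTime in seconds (0 means no time limit)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        # Keywords are case-insensitive; '=' or whitespace separates the value.
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        key = fields[0].lower()
        if key == "match":
            break  # simplification: only the global section is examined
        if key == "logingracetime" and len(fields) == 2:
            # sshd uses the first value it obtains for a keyword.
            return parse_time(fields[1].split("#")[0].strip().strip('"'))
    return DEFAULT_GRACE

def report(config_text):
    """One-line summary suitable for an audit log."""
    seconds = effective_grace(config_text)
    if seconds == 0:
        return "LoginGraceTime=0: no time limit on unauthenticated connections"
    return f"LoginGraceTime={seconds}s: login timeout is active"

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
# LoginGraceTime 0
Port 22
logingracetime 1m30s
LoginGraceTime 10
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    print(report(SAMPLE))
```

On a live system, `sshd -T` prints the effective configuration, including settings pulled in through `Include`, and is the authoritative source.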
