Threat Advisory

Remote Code Execution Vulnerability CVE-2024-6387 (regreSSHion) in OpenSSH on glibc-based Linux Systems

July 5, 2024 | By Accorian

Description

On July 1, the Qualys Threat Research Unit published an advisory for CVE-2024-6387, nicknamed “regreSSHion”: a signal handler race condition in the OpenSSH server (sshd) on glibc-based Linux systems that allows unauthenticated remote code execution as root. It is a regression of CVE-2006-5051, reintroduced in OpenSSH 8.5p1 when the earlier fix was accidentally dropped. Exploitation is difficult, but the impact is severe: in Qualys's lab tests, winning the race against a 32-bit glibc-based host took roughly 10,000 attempts over 6 to 8 hours. 64-bit hosts are believed to be exploitable in principle, but no public exploit has been demonstrated against them.

Impact

The bug is reached when a client fails to authenticate within LoginGraceTime (120 seconds by default, 600 seconds in older OpenSSH releases). sshd's SIGALRM handler then runs and calls functions that are not async-signal-safe, syslog() among them; an attacker who times the interrupt so that it lands inside a heap operation can corrupt allocator state and, because the handler runs in a root-owned sshd process before authentication, gain full control of the host without credentials. Exploiting regreSSHion could enable attackers to:

●       Fully compromise a susceptible host

●       Exfiltrate sensitive data

●       Move laterally to other internal hosts

●       Encrypt and hold critical data for ransom

Affected Versions

●       OpenSSH versions before 4.4p1, unless they were patched for CVE-2006-5051 and CVE-2008-4109

●       OpenSSH versions 8.5p1 through 9.7p1 (fixed in 9.8p1)

Versions 4.4p1 through 8.4p1 are not vulnerable: the patches for CVE-2006-5051 and CVE-2008-4109 resolved the flaw, and it was only reintroduced in 8.5p1. OpenBSD is unaffected because its SIGALRM handler calls syslog_r(), an async-signal-safe variant of syslog(). Distributions backport fixes without changing the upstream version string, so check the vendor advisory rather than the version number alone. The OpenSSH packages in Red Hat Enterprise Linux 6, 7, and 8 are not vulnerable, as those releases predate 8.5p1; RHEL 9 ships OpenSSH 8.7p1 and needs the vendor update.
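The version ranges above are easy to misread by hand, and the distribution caveat means a banner alone is never a final answer. The following POSIX shell script is an added example, not part of the advisory or of the Qualys research: it parses the OpenSSH version out of a server banner, classifies it against the affected ranges (below 4.4p1, and 8.5p1 up to but not including 9.8p1), and, when given a host name, pulls the banner from a live server using the OpenSSH client's own debug output. The sample banners at the bottom are constructed for illustration, and the `probe_host` helper assumes an `ssh` client is installed.

```shell
#!/bin/sh
# Added example, not from the advisory: classify OpenSSH version banners
# against the regreSSHion (CVE-2024-6387) affected ranges
#   upstream < 4.4p1, and 8.5p1 <= version < 9.8p1 (fixed in 9.8p1).
# Caveat: distributions backport the fix without changing the upstream version
# (e.g. Debian's 9.2p1-2+deb12u3), so "affected" here means "verify against the
# vendor advisory", not "confirmed exploitable".

# Print "major minor patch" for any string containing OpenSSH_X.Y[pN].
# A missing pN is reported as 0. Returns 1 if no OpenSSH version is present.
# (Three-part versions such as the ancient 3.2.3p1 are deliberately rejected.)
parse_openssh_version() {
    rest=${1#*OpenSSH_}
    [ "$rest" != "$1" ] || return 1
    ver=$(printf '%s' "$rest" | sed 's/[^0-9.p].*//')   # "9.2p1 Debian-..." -> "9.2p1"
    case "$ver" in *.*) ;; *) return 1 ;; esac
    major=${ver%%.*}
    tail=${ver#*.}
    case "$tail" in
        *p*) minor=${tail%%p*}; patch=${tail#*p} ;;
        *)   minor=$tail;       patch=0 ;;
    esac
    case "$major$minor$patch" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s %s %s\n' "$major" "$minor" "$patch"
}

# Exit 0 when the upstream version is in an affected range, 1 when it is not,
# 2 when the input carries no OpenSSH version at all.
openssh_version_affected() {
    v=$(parse_openssh_version "$1") || return 2
    set -- $v
    # Collapse X.YpN into one comparable integer: X*10000 + Y*100 + N.
    # No affected boundary falls inside a pN series, so the bounds use N = 0.
    n=$(( $1 * 10000 + $2 * 100 + $3 ))
    [ "$n" -lt 40400 ] && return 0                          # before 4.4p1
    [ "$n" -ge 80500 ] && [ "$n" -lt 90800 ] && return 0    # 8.5p1 .. 9.7p1
    return 1
}

# Human-readable verdict: affected / not-affected / unknown.
classify_banner() {
    openssh_version_affected "$1" && rc=0 || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# Fetch a live server's banner from the ssh client's "remote software version"
# debug line (assumes an OpenSSH client is installed). No credentials are needed:
# the version is exchanged before authentication, and BatchMode keeps it silent.
probe_host() {
    host=$1; port=${2:-22}
    banner=$(ssh -v -p "$port" -o BatchMode=yes -o ConnectTimeout=5 \
                 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
                 "$host" true 2>&1 | sed -n 's/.*remote software version //p' | head -n1)
    printf '%s:%s %s %s\n' "$host" "$port" "$(classify_banner "$banner")" "$banner"
}

if [ $# -gt 0 ]; then
    for h in "$@"; do probe_host "$h"; done
else
    # Constructed sample banners, not captured from real hosts.
    for b in 'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3' \
             'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10' \
             'SSH-2.0-OpenSSH_9.8p1' \
             'SSH-2.0-OpenSSH_7.4' \
             'SSH-2.0-OpenSSH_4.3p2' \
             'SSH-2.0-dropbear_2022.83'; do
        printf '%-14s %s\n' "$(classify_banner "$b")" "$b"
    done
fi
```

Run it with no arguments to see the classification of the sample banners, or `sh check.sh bastion.example.org` to probe a host. An `affected` verdict on a distribution package (the Debian and Ubuntu samples above) is the cue to compare the package release against the vendor's advisory; an `unknown` verdict usually means the listener is not OpenSSH at all.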

Remediation

Upgrade OpenSSH to 9.8p1, or to your distribution's patched package, as soon as it is available. Where that cannot be done immediately, set LoginGraceTime to 0 in sshd_config: this disables the authentication timeout and with it the vulnerable SIGALRM handler, at the cost of a denial-of-service risk, because unauthenticated connections that never time out can exhaust MaxStartups. Restrict SSH access to internet-exposed hosts (firewall rules, source allow-lists, VPN or bastion access) and implement network segmentation to limit lateral movement.
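Applying the LoginGraceTime stopgap safely has two details worth getting right: sshd honours the first value it reads for a keyword, so the directive must precede any existing one and any Match block, and the MaxStartups ceiling that now bounds the denial-of-service exposure should be known before reloading. The POSIX shell script below is an added example, not part of the advisory or of OpenSSH: it rewrites or inserts `LoginGraceTime 0` in a config file, reports the MaxStartups value in effect, and reloads sshd only after `sshd -t` accepts the file and `sshd -T` confirms the effective value. The config path is taken as the first argument (an assumption; on most systems it is /etc/ssh/sshd_config), and the script must run as root for the validation and reload steps.

```shell
#!/bin/sh
# Added example, not from the advisory: apply the LoginGraceTime 0 stopgap for
# regreSSHion (CVE-2024-6387) to an sshd_config file, surface the MaxStartups
# trade-off, and reload sshd only if the edited file validates.
# Assumption: the config path is passed as the first argument.

# Set every active LoginGraceTime line to 0, or insert one at the top if none
# exists. sshd uses the FIRST value it reads for a keyword, and LoginGraceTime
# is not valid inside a Match block, so a new directive must go before any Match.
# Keyword matching is case-insensitive, like sshd's own parser; commented lines
# start with '#' as their first word and are left alone. Assumes the
# whitespace-separated "Keyword value" form rather than "Keyword=value".
set_login_grace_time_zero() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk 'tolower($1) == "logingracetime" { print "LoginGraceTime 0"; next } { print }' "$cfg" > "$tmp"
    if ! grep -q '^LoginGraceTime 0$' "$tmp"; then
        { echo 'LoginGraceTime 0'; cat "$cfg"; } > "$tmp"
    fi
    cat "$tmp" > "$cfg" && rm -f "$tmp"   # write in place to keep owner and mode
}

# First active MaxStartups value in the file, or sshd's default 10:30:100
# (start:rate:full). With LoginGraceTime 0, unauthenticated connections hold
# their slot indefinitely, so "full" is the number an attacker must open to
# block new logins.
effective_max_startups() {
    v=$(awk 'tolower($1) == "maxstartups" { print $2; exit }' "$1")
    printf '%s\n' "${v:-10:30:100}"
}

# Syntax-check with sshd -t, confirm the effective value with sshd -T (which
# resolves Include files and first-match ordering), then reload. Needs root to
# read the host keys; the systemd unit is sshd on RHEL and ssh on Debian/Ubuntu.
validate_and_reload() {
    cfg=$1
    command -v sshd >/dev/null 2>&1 || { echo "sshd not found; skipping validation" >&2; return 0; }
    sshd -t -f "$cfg" || { echo "config check failed; not reloading" >&2; return 1; }
    sshd -T -f "$cfg" | grep -i '^logingracetime 0$' >/dev/null \
        || { echo "effective LoginGraceTime is not 0: an Include or earlier directive wins" >&2; return 1; }
    systemctl reload sshd 2>/dev/null || systemctl reload ssh
}

if [ $# -eq 1 ]; then
    cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)"   # keep a copy to restore after the upgrade
    set_login_grace_time_zero "$1"
    echo "MaxStartups in effect: $(effective_max_startups "$1")"
    validate_and_reload "$1"
else
    echo "usage: $0 /path/to/sshd_config" >&2
fi
```

Once the patched package is installed, restore the backup (or simply remove the `LoginGraceTime 0` line) so that idle pre-auth connections time out again; the stopgap trades the race condition for a resource-exhaustion exposure and is not a permanent configuration.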

Source: https://www.lacework.com/blog/critical-rce-vulnerability-on-open-ssh-detecting-and-mitigating-cve-2024-6387-regre-ss-hion  
