The regreSSHion (CVE-2024-6387) Bug Is Patched In OpenSSH 9.8

Critical OpenSSH Vulnerability Patched: What You Need to Know

By sk

A few days ago, researchers found a serious security flaw in OpenSSH, a widely used tool for secure communication over a network. This flaw is known as "regreSSHion" (CVE-2024-6387).

This bug could potentially allow a remote attacker to execute malicious code on a system running OpenSSH. This post explains what exactly happened and what you should do.

What is the regreSSHion (CVE-2024-6387) Bug?

A severe security bug, dubbed regreSSHion (CVE-2024-6387), has been discovered in OpenSSH by the Qualys Threat Research Unit (TRU).

The vulnerability is an unauthenticated Remote Code Execution (RCE) issue in OpenSSH's server (sshd) on Linux systems using glibc. This means an attacker could gain full root access without needing any user interaction.

This vulnerability is particularly noteworthy as it's the first major OpenSSH vulnerability in nearly two decades.

Which OpenSSH Versions are Affected?

The flaw affects OpenSSH versions before 4.4p1 and versions from 8.5p1 up to, but not including, 9.8p1.

OpenSSH 9.8 is Released

In response to this threat, the OpenSSH team released version 9.8 on July 1, 2024. This update not only patches the critical vulnerability but also addresses another security issue.

1. Race Condition in sshd(8)

As we mentioned already, a critical vulnerability known as "regreSSHion" was found in sshd(8) in versions 8.5p1 through 9.7p1. This flaw could allow arbitrary code execution with root privileges.

Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with Address Space Layout Randomization (ASLR). While exploitation on 64-bit systems is considered possible, it has not yet been demonstrated.

Notably, OpenBSD systems are not vulnerable to this issue.

This bug was identified and reported by the Qualys Security Advisory Team.

2. Logic Error in ssh(1) ObscureKeystrokeTiming

In OpenSSH versions 9.5 through 9.7, a logic error in the ssh(1) ObscureKeystrokeTiming feature made it ineffective. This bug allowed a passive observer to detect which network packets contained real keystrokes.

Additionally, it compromised another long-standing timing attack mitigation, potentially allowing a passive observer to detect when echo was off and obtain limited timing information about keystrokes.

This bug was identified by Philippos Giavridis, and independently by Jacky Wei En Kung, Daniel Hugenroth, and Alastair Beresford of the University of Cambridge Computer Lab.

How Can You Protect Your System?

The best way to protect against this vulnerability is to ensure your OpenSSH version is updated or patched. The latest release, OpenSSH 9.8, addresses all the known security issues.

The patched OpenSSH version has already been rolled out and is included in the default repositories of many Linux operating systems. Users are strongly encouraged to update their systems:

# Alpine Linux
sudo apk update
sudo apk upgrade openssh

# Arch Linux
sudo pacman -Syu openssh

# Debian-based Systems (Debian, Ubuntu)
sudo apt update
sudo apt upgrade openssh-server

# Red Hat-based Systems (RHEL, CentOS, Fedora)
sudo dnf check-update
sudo dnf update openssh-server

# Older RHEL/CentOS
sudo yum check-update
sudo yum update openssh-server

# SUSE-based Systems (openSUSE, SLES)
sudo zypper refresh
sudo zypper update openssh

After upgrading, verify the installed version of OpenSSH by running:

ssh -V
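
The version check can be scripted. The following shell sketch is an added example, not part of the original post or of OpenSSH: it classifies a version banner (as printed by ssh -V, which writes to stderr) against the two affected ranges this article gives. The function names and sample banners are made up for illustration. Only the upstream major.minor number is compared, so a distribution package carrying a backported fix is still reported as in range and has to be checked against the distribution's own advisory.

```sh
#!/bin/sh
# Added example: classify an OpenSSH version banner against the affected
# ranges quoted in this article. Function names are illustrative.

# Print "MAJOR MINOR" from a banner such as "OpenSSH_9.6p1, OpenSSL 3.0.13".
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p' |
        head -n 1
}

# Print: unparsed | not-in-range | sshd-race | sshd-race,keystroke-timing
classify_openssh() {
    set -- $(parse_openssh_version "$1")
    [ $# -eq 2 ] || { echo "unparsed"; return 0; }
    v=$(( $1 * 100 + $2 ))            # 9.6 -> 906, 4.4 -> 404
    hits=""
    # regreSSHion: before 4.4p1, or 8.5p1 up to but not including 9.8p1
    if [ "$v" -lt 404 ] || { [ "$v" -ge 805 ] && [ "$v" -lt 908 ]; }; then
        hits="sshd-race"
    fi
    # ObscureKeystrokeTiming logic error: 9.5 through 9.7
    if [ "$v" -ge 905 ] && [ "$v" -le 907 ]; then
        hits="${hits:+$hits,}keystroke-timing"
    fi
    echo "${hits:-not-in-range}"
}

# Constructed sample banners (not captured from real hosts).
# On a live system, pass the real banner: classify_openssh "$(ssh -V 2>&1)"
for banner in \
    "OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024" \
    "OpenSSH_8.9p1, OpenSSL 3.0.2 15 Mar 2022" \
    "OpenSSH_8.4p1, OpenSSL 1.1.1n 15 Mar 2022" \
    "OpenSSH_4.3p2, OpenSSL 0.9.8e" \
    "OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024" \
    "not an ssh banner"
do
    printf '%-45s -> %s\n' "$banner" "$(classify_openssh "$banner")"
done
```
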

Key Takeaways

OpenSSH released version 9.8 on July 1, 2024. This update fixes two security problems:

1. Critical Vulnerability in sshd

Affects: OpenSSH versions 8.5p1 to 9.7p1

Impact: Potential unauthorized root access

Details:

  • Successfully exploited on 32-bit Linux systems with ASLR
  • Exploitation on 64-bit systems possible but not yet demonstrated
  • Non-glibc systems may be affected, but this hasn't been confirmed
  • OpenBSD is not vulnerable

Credit: Discovered and reported by the Qualys Security Advisory Team

2. Timing Attack Vulnerability

Affects: OpenSSH versions 9.5 to 9.7

Impact: Potential exposure of keystroke timing information

Details:

  • Bug in the ObscureKeystrokeTiming feature
  • Could allow observers to detect which network packets contained real keystrokes
  • Unintentionally disabled a long-standing protection against timing attacks on password entry

Credit: Discovered by Philippos Giavridis and independently by researchers from the University of Cambridge Computer Lab

Recommendations:

Update to OpenSSH 9.8 or later immediately.

Conclusion

This is the first major flaw in OpenSSH in about 20 years. It shows that even trusted tools need regular updates.

The release of OpenSSH 9.8 is a significant step forward in securing systems against known vulnerabilities.

Users are strongly encouraged to update their OpenSSH installations to the latest version to protect against these and other potential threats.
