{"id":4274,"date":"2024-07-01T14:38:55","date_gmt":"2024-07-01T19:38:55","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems"},"modified":"2024-07-01T14:38:55","modified_gmt":"2024-07-01T19:38:55","slug":"regresshion-bug-threatens-takeover-of-millions-of-linux-systems","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/01\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems\/","title":{"rendered":"‘RegreSSHion’ Bug Threatens Takeover of Millions of Linux Systems"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

An unauthenticated remote code execution (RCE) vulnerability in the OpenSSH secure communications suite opens millions of Linux-based systems to takeover as root.<\/span><\/p>\n

Dubbed “RegreSSHion” by researchers who discovered it at the Qualys Threat Research Unit (TRU), the bug (a 8.1 CVSS score) is more specifically a signal handler race condition in OpenSSH\u2019s server (sshd). It affects glibc-based Linux systems running sshd in its default configuration; it may also exist in Mac and Windows environments (though exploitability for those hasn’t been proven yet).<\/span><\/p>\n

“This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access,” <\/span>read to a TRU posting<\/a><\/span> on July 1.<\/span><\/p>\n

Moreover, “it could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization [and] gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities.”<\/span><\/p>\n

According to the Qualys researchers behind the discovery, there are more than 14 million potentially vulnerable OpenSSH server instances exposed to the Internet.<\/span><\/p>\n

CVE-2024-6387 Showcases the Need for Regression Testing<\/h2>\n

The bug gets its “RegreSSHion” moniker from the fact that it’s actually a reappearance of a flaw that was fixed in 2006 (CVE-2006-5051), likely reintroduced via untested updates or older code use. That means different patching schemes are available for different versions.<\/span><\/p>\n

“In this case, the OpenSSH team accidentally reintroduced a flaw that they had already fixed, demonstrating that every team needs fully automated test suites that run with every build and help prevent regressions … particularly for security fixes,” says Jeff Williams, co-founder and CTO at Contrast Security.<\/span><\/p>\n

The vulnerability is challenging to exploit, according to researchers, but also is not easy to fully remediate, demanding a focused and layered security approach.<\/span><\/p>\n

“<\/span>Unlike Log4Shell attacks<\/a><\/span>, which could be completely contained in a single unauthenticated HTTP request, this attack is a bit noisy and takes approximately 10,000 attempts on average to succeed,” Williams explains. “I’m optimistic that this will enable providers to detect and prevent these attacks before they are successful.”<\/span><\/p>\n

Yet at the same time, “this fix is part of a major update, making it challenging to backport,” according to the TRU researchers. “Consequently, users will have two update options: upgrading to the latest version released on Monday, July 1st (9.8p1) or applying a fix to older versions as outlined in the advisory.”<\/span><\/p>\n

As for various <\/span>Linux distros and vendor implementations<\/a><\/span>, patches are expected “shortly,” according to TRU. Meanwhile, admins can limit SSH access through network-based controls to minimize attack exposure; employ network segmentation to prevent damage in the event of a compromise; check logs for TRU’s indicators of compromise (IoCs); and roll out comprehensive intrusion detection capabilities.<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

An unauthenticated remote code execution (RCE) vulnerability in the OpenSSH<\/p>\n","protected":false},"author":12,"featured_media":4275,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-4274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/regresshion-bug-threatens-takeover-of-millions-of-linux-systems-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4274"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4274\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4275"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}