Over 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to do

from ZDNET 2 months ago

Dubbed "regreSSHion" and tagged as CVE-2024-6387, this nasty bug allows unauthenticated remote code execution (RCE) on OpenSSH servers running on glibc-based Linux systems.
ZDNEThttps://www.zdnet.com/article/over-14m-servers-may-be-vulnerable-to-opensshs-regresshion-rce-flaw-heres-what-you-need-to-do/

The vulnerability is a regression of CVE-2006-5051, a bug patched back in 2006. This old foe somehow snuck back into the code in October 2020 with OpenSSH 8.5p1.
ZDNEThttps://www.zdnet.com/article/over-14m-servers-may-be-vulnerable-to-opensshs-regresshion-rce-flaw-heres-what-you-need-to-do/

The vulnerability resurfaced in OpenSSH 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component.
ZDNEThttps://www.zdnet.com/article/over-14m-servers-may-be-vulnerable-to-opensshs-regresshion-rce-flaw-heres-what-you-need-to-do/

Read at ZDNET

#openssh #linux-security #remote-code-execution #qualys-threat-research-unit

[

Collection

]

[

...

]

Over 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to doOver 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to do Briefly

Over 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to do
Over 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to do
Briefly