In July 2024, a security regression of CVE-2006-5051 was discovered in OpenSSH’s server (sshd). The vulnerability is explained as follows:
A critical signal handler race condition vulnerability has been introduced in the OpenSSH server (sshd) on glibc-based Linux systems. The vulnerability, called RegreSSHion and tracked as CVE-2024-6387, can result in unauthenticated remote code execution (RCE) with root privileges. It has been rated High severity (CVSS 8.1).
This vulnerability can be exploited remotely on glibc-based Linux systems because sshd’s SIGALRM handler calls syslog(), which in turn calls async-signal-unsafe functions like malloc() and free(), leading to unauthenticated remote code execution as root.
This occurs because sshd’s privileged code is not isolated and runs with full privileges. OpenBSD is not vulnerable because its SIGALRM (alarm signal) handler uses syslog_r(), an async-signal-safe version of syslog().
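The handler pattern described above, as an added example that is not taken from this advisory or from OpenSSH's code: one handler calls syslog() from signal context (the unsafe pattern), the other only sets a flag so that logging happens later in normal code. The function names, the log text and the timeout value are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>

static volatile sig_atomic_t grace_expired; /* set by handler, read by caller */

/* UNSAFE pattern, shown for contrast and never installed here: syslog()
 * may call malloc()/free(), which are not async-signal-safe. */
void unsafe_alarm_handler(int sig) { (void)sig; syslog(LOG_INFO, "timeout"); }

/* SAFE pattern: the handler only records that the timer fired. */
void safe_alarm_handler(int sig) { (void)sig; grace_expired = 1; }

/* Hypothetical helper: wait timeout_ms (> 0), then log from normal context.
 * Returns 1 once the timeout was observed, -1 on setup failure. */
int wait_for_grace_timeout(long timeout_ms)
{
    struct sigaction sa;
    struct itimerval it;
    sigset_t block, old, wait_mask;
    int rc = -1;
    grace_expired = 0;
    memset(&sa, 0, sizeof(sa));
    memset(&it, 0, sizeof(it));
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    /* Block SIGALRM so testing the flag and sleeping cannot race. */
    if (sigaction(SIGALRM, &sa, NULL) || sigprocmask(SIG_BLOCK, &block, &old))
        return -1;
    wait_mask = old;
    sigdelset(&wait_mask, SIGALRM);
    it.it_value.tv_sec = timeout_ms / 1000;
    it.it_value.tv_usec = (timeout_ms % 1000) * 1000;
    if (setitimer(ITIMER_REAL, &it, NULL) == 0) {
        while (!grace_expired)
            sigsuspend(&wait_mask);      /* atomically unblock and wait */
        syslog(LOG_INFO, "timeout (constructed message)"); /* normal context */
        rc = 1;
    }
    sigprocmask(SIG_SETMASK, &old, NULL);
    return rc;
}

int main(void) { return wait_for_grace_timeout(50) == 1 ? 0 : 1; }
```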
This vulnerability impacts the following OpenSSH server versions:
Vulnerable in OpenSSH Server version 9.2p1-2+deb12u2 (SKUDONET 10.0.0)
Fixed in OpenSSH Server version 9.2p1-2+deb12u3 (SKUDONET 10.0.1)
SKUDONET customers receive protections and mitigations for CVE-2024-6387 through our package update channel (included in any support level). All SKUDONET appliances are connected to our package repository system, and the SKUDONET Operating System checks daily for pending package updates.
This vulnerability is fixed in SKUDONET 10.0.1, package openssh 1:9.2p1-2+deb12u3. SKUDONET 6 is not affected by this vulnerability.
SKUDONET recommends updating SKUDONET Operating Systems frequently to avoid exploitation of vulnerabilities.
Refer to our timeline to check CVE resolutions.