Another OpenSSH Vulnerability Linked to regreSSHion Found
During the analysis of the recently discovered CVE-2024-6387 (regreSSHion) vulnerability in OpenSSH, another remote code execution issue has been identified. The new bug was discovered by Openwall specialist Alexander Peslyak. He reports that the new vulnerability, related to regreSSHion, is a race condition in signal handling involving the privsep child process. This vulnerability has been assigned the identifier CVE-2024-6409 (with a CVSS score of 7).
“The main difference from CVE-2024-6387 is that the race condition and the possibility of code execution occur in the privsep child process, which runs with lower privileges compared to the parent server process. Therefore, the immediate threat in this case is lower,” Peslyak explains. “However, in specific scenarios, there may be certain differences in how these vulnerabilities are exploited, making one more attractive to attackers. If only one of the issues is fixed or mitigated, the other may become more relevant. It is also possible to create an exploit that probabilistically works for either vulnerability, which could reduce attack time and increase the success rate.”
The issue affects sshd daemon versions 8.7p1 and 8.8p1, which are used in Fedora 36 and 37, as well as Red Hat Enterprise Linux 9 (RHEL 9).
Developers of the affected Linux distributions have already started releasing advisories and patches for CVE-2024-6409. Support for Fedora 36 and 37 ended last year. Canonical has already stated that Ubuntu users do not need to worry, as none of the supported versions use the releases mentioned above.
It is also worth noting that last week Microsoft confirmed that Windows is not affected by the regreSSHion issue. “Although Windows includes an OpenSSH component, the vulnerable code cannot be used or controlled by an attacker,” Microsoft explained.
It is believed that in most cases, macOS is also not affected by this vulnerability. However, Apple representatives have not yet published any official comments on the matter.