Episode 100: The OpenSSH RegreSSHion Vulnerability
Jul 10, 2024•27 min•Season 1Ep. 100
Episode description
In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6409
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technology
- https://www.infosecurity-magazine.com/news/chinese-state-exploits/
- https://x.com/fofabot/status/1810622161192919350
- https://justpaste.it/do235
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Spencer's Twitter: https://x.com/techspence
Spencer's LinkedIn: https://linkedin.com/in/SpencerAlessi
Work with Us: https://securit360.com