July 15, 2024 at 07:24AM OpenSSH recently faced a second remote code execution vulnerability, named regreSSHion. Discovered by Qualys and Openwall founder Alexander Peslyak, the bug impacts OpenSSH servers and a race condition in the ‘privsep’ child process. Another flaw, tracked as CVE-2024-6409, was also found, with impacted Linux distributions releasing advisories and patches. Windows … Read more
July 10, 2024 at 12:15AM Versions of OpenSSH are at risk due to a new CVE-2024-6409 vulnerability, impacting Red Hat Enterprise Linux 9 versions 8.7p1 and 8.8p1. Discovered by Solar Designer during a review of CVE-2024-6387 by Qualys, this flaw enables remote code execution in the privsep child process. An active exploit for CVE-2024-6387 has … Read more
July 3, 2024 at 06:24AM Qualys discovered a critical OpenSSH vulnerability, CVE-2024-6387, known as regreSSHion, that allows unauthenticated attackers to execute remote code. More than 14 million OpenSSH instances are potentially vulnerable. Exploitation is challenging and not yet confirmed in the wild. While attempts have been made, Palo Alto Networks was unable to achieve remote … Read more
July 1, 2024 at 03:48PM A remote code execution vulnerability in OpenSSH, named “RegreSSHion,” allows attackers to take over Linux systems. The bug, with a CVSS score of 8.1, enables root access and poses significant security risks. Despite its challenging exploitability, the need for rigorous security measures and prompt patching is emphasized, with updates available … Read more
July 1, 2024 at 10:08AM Glibc-based Linux systems should upgrade OpenSSH’s server due to a new bug (CVE-2024-6387) revealed by Qualys researchers. They discovered a race condition vulnerability that could lead to remote code execution, affecting potentially hundreds of thousands of instances. Systems running on OpenBSD are exempt, and Qualys recommends specific patches and network-based … Read more
July 1, 2024 at 09:39AM A new OpenSSH vulnerability, known as “regreSSHion,” allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. If exploited, it could lead to severe consequences such as system takeover and data manipulation. The vulnerability affects OpenSSH servers on Linux from version 8.5p1 up to version 9.8p1 and can … Read more