What is OpenSSH?
Secure Shell (SSH) is a protocol for establishing secure connections; the default port used by SSH is 22. OpenSSH is a suite of open-source networking utilities and programs based on the SSH protocol. It is used to securely manage systems remotely across platforms, including file transfers, secure remote logins, and command execution, and it authenticates users with cryptographic keys or a username and password. OpenSSH can be installed on Windows, macOS, Linux and OpenBSD.
Vulnerability:
This vulnerability is caused by a race condition that occurs when the user authentication time period expires. When the timeout occurs, a SIGALRM is delivered, interrupting the thread that is executing heap management code. If the signal handler itself calls a heap management routine, the result is undefined behavior and, in this case, arbitrary code execution.
Multiple PoCs have been developed by the Qualys research team, in which they demonstrate the exploit and measure the time required to exploit this vulnerability on both the previously vulnerable version and the currently vulnerable version.
Note
Although this vulnerability is serious, resulting in arbitrary code execution, exploiting it is very time consuming: the chance of succeeding is 1 in 10,000 for every connection. It is a very complex process, as the attacker has to craft the perfect payload and guess the memory location of the payload on every attempt. This is due to ASLR (address space layout randomization), a technique enabled by default on Linux to defeat exploits that rely on known memory addresses.
CVEs:
- CVE-2006-5051 and CVE-2008-4109
- CVE-2024-6387
Vulnerable versions:
- Only OpenSSH builds linked against glibc are vulnerable:
  - Versions < 4.4p1
  - 8.5p1 ≤ Versions ≤ 9.8p1
Mitigations:
- If you are running any of the vulnerable versions, stop the service or take it offline until it is patched.
- A patch has been released for the vulnerability; apply it.
- Map all internet-facing OpenSSH interfaces and close or restrict access to them (segmentation).
- Continuously monitor and log active connections and login attempts.
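The first two mitigations start with knowing which version each host runs. The script below is an added example for that triage step; it is not part of this post and not Qualys or OpenSSH project code. It parses the version out of the banner that `ssh -V` prints and compares it against the version ranges exactly as listed on this page (the upper bound 9.8p1 is taken from the list above; confirm the precise fixed release against the vendor advisory before closing a ticket). The banner string it checks first is constructed for the demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example: triage an OpenSSH version string against the ranges this page lists.
# Not part of the original post. Caveat: distributions often backport security fixes
# without changing the upstream version number, so a "vulnerable" verdict here is a
# signal to check the package changelog, not proof of exposure.

# Turn "9.6p1" into a sortable integer: major*1000000 + minor*10000 + patchlevel.
# A missing patchlevel counts as 0.
openssh_version_key() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    rest=$(printf '%s' "$ver" | cut -d. -f2)
    minor=$(printf '%s' "$rest" | cut -dp -f1)
    patch=$(printf '%s' "$rest" | cut -dp -f2 -s)
    [ -n "$patch" ] || patch=0
    echo $((major * 1000000 + minor * 10000 + patch))
}

# Return 0 (true) when the version falls inside a range listed as vulnerable on this page.
is_vulnerable_openssh_version() {
    key=$(openssh_version_key "$1")
    lo_old=$(openssh_version_key 4.4p1)       # everything below 4.4p1
    lo_regress=$(openssh_version_key 8.5p1)   # regression range start
    hi_regress=$(openssh_version_key 9.8p1)   # range end as listed on this page
    if [ "$key" -lt "$lo_old" ]; then return 0; fi
    if [ "$key" -ge "$lo_regress" ] && [ "$key" -le "$hi_regress" ]; then return 0; fi
    return 1
}

# Pull the bare version out of a banner such as
# "OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024" -> "9.6p1".
openssh_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*p\{0,1\}[0-9]*\).*/\1/p'
}

# Print a verdict for a banner string. Exit status: 0 vulnerable, 1 not listed, 2 unparseable.
check_openssh_banner() {
    ver=$(openssh_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "could not parse an OpenSSH version from: $1"
        return 2
    fi
    if is_vulnerable_openssh_version "$ver"; then
        echo "OpenSSH $ver: inside a listed vulnerable range; check for distro backports, then patch"
        return 0
    fi
    echo "OpenSSH $ver: outside the listed vulnerable ranges"
    return 1
}

# Constructed sample banner (not from a real host), then the local binary if one is installed.
# ssh -V writes its banner to stderr, hence the 2>&1.
check_openssh_banner "OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024"
if command -v ssh >/dev/null 2>&1; then
    check_openssh_banner "$(ssh -V 2>&1)" || true
fi
```

Run it on each host from your inventory (or feed it banners collected by your scanner) and treat the "inside a listed vulnerable range" lines as the work queue for the patching and segmentation steps above.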
References:
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
- https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/
- https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do
- https://www.openssh.com/security.html