What you need to know about #regreSSHion: an #OpenSSH server remote code execution vulnerability
#CVE20246387
https://ubuntu.com//blog/ubuntu-regresshion-security-fix

Details about the high-impact CVE-2024-6387 vulnerability, nicknamed regreSSHion, and the Ubuntu fix released on the CRD. […]


I don't suppose anyone was able to snag the reported compiled exploit binary before it was taken down?

https://securityboulevard.com/2024/07/regresshion-cve-2024-6387-a-targeted-exploit-in-the-wild/

#RegreSSHion #cve20246387

RegreSSHion CVE-2024-6387: A Targeted Exploit in the Wild  

A critical security flaw, known as regression and cataloged under CVE-2024-6387, has been identified in OpenSSH, just a few days ago. This vulnerability allows an unauthenticated attacker to execute arbitrary code and potentially obtain root access on the compromised system. Despite the severity sounding akin to notorious vulnerabilities like WannaCry and Log4Shell, the practical risk


There isn't yet a patch for CVE-2024-6387 a.k.a. "regreSSHion" in RHEL9 but Red Hat suggests a mitigation by setting LoginGraceTime to 0 in sshd_config (source: https://access.redhat.com/security/cve/cve-2024-6387)

I wrote a small Ansible playbook to do this on multiple systems in an automated way.

If someone has the same task, feel free to draw inspiration from here:

https://gist.github.com/chofstede/67641b45f7b2379bab5832b70c0b8351

It's tested and idempotent (can run multiple times with the same result) but no warranties. Use at your own risk.

And for other systems, I've made a playbook to patch openssh to the latest version: https://gist.github.com/chofstede/c076ededc4fbf0478740473542af98c3

#linux #regresshion #cve20246387 #ansible #rhel #redhat #mitigation #sysadmin #openssh #security
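
Added example, not part of the post above or its linked playbooks: a shell check for whether the `LoginGraceTime 0` mitigation is what sshd would read from a config file. It assumes a single file with no `Include` directives (the function names and the sample config are constructed here); `sshd -T` on the host reports the authoritative effective value.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and an unset LoginGraceTime defaults to 120 seconds.

effective_login_grace_time() {
    # $1: path to an sshd_config-style file (Include files are not followed)
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace or one "="
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            gsub(/"/, "", val)
            split(val, parts, /[ \t]+/)         # keep the first token only
            if (key == "match") exit            # global section ends here
            if (key == "logingracetime") { print parts[1]; found = 1; exit }
        }
        END { if (!found) print "120" }
    ' "$1"
}

mitigation_applied() {
    # True only when the effective value is the literal 0 named in the post.
    [ "$(effective_login_grace_time "$1")" = "0" ]
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#LoginGraceTime 2m
LoginGraceTime 0
LoginGraceTime 2m
EOF

if mitigation_applied "$sample"; then
    echo "LoginGraceTime 0 is in effect"
else
    echo "not mitigated: LoginGraceTime is $(effective_login_grace_time "$sample")"
fi
rm -f "$sample"
```
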


🚨 Critical OpenSSH Vulnerability Alert🚨

A severe Remote Unauthenticated Code Execution (RCE) vulnerability has been identified in OpenSSH's server (sshd) on glibc-based Linux systems. This critical flaw, assigned CVE-2024-6387, poses a significant security risk as it allows unauthenticated remote code execution as root.

#CyberSecurity #OpenSSH #Vulnerability #CVE20246387 #RCE #Linux #SysAdmin #Infosec #SecurityAlert #TechNews

https://www.relianoid.com/blog/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server/


I wrote a small #Ansible playbook to automate updating openssh to the latest available version on multiple hosts (Works on Debian and EL based distributions):

https://gist.github.com/chofstede/c076ededc4fbf0478740473542af98c3

❯ ansible-playbook -i inventory patch_openssh.yml

Just sharing this here in case someone might find it helpful. Use at your own risk.

#linux #openssh #cve20246387 #rce #sysadmin #security #vulnerability


Well, happy Monday to all the sysadmins. Vulnerability in OpenSSH (CVE-2024-6387): check your versions and update as soon as possible. It could be worse, it could be Friday.

There is a "mitigation" if you can't update, but beware that it opens the door to a possible DoS for SSH.

https://www.openssh.com/releasenotes.html#9.8p1
https://ubuntu.com/security/CVE-2024-6387

#SSH #CVE20246387


We've had some comments from the security community regarding our use of telnet but please be assured that all our passwords are 2048bit.

#openssh #CVE20246387 #RCE #security #telnet #infosec

We can assure our customers that we are fully protected against the new OpenSSH security vulnerability as we use telnet

#openssh #CVE20246387 #RCE #security