Heads up: regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server. Patch your server ASAP. https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server also see my openssh security guide for more info https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
More info about this issue https://www.openssh.com/txt/release-9.8
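A quick local check to go with the patch advice above, as an added example that is not part of the thread or of the OpenSSH release notes: it parses the banner printed by `ssh -V` (or sent by an sshd on connect) and reports whether the upstream version is at or above the 9.8 release linked above. The 9.8 threshold and the banner formats are the assumptions here. It checks the upstream version string only: distributions that backport the fix keep the old version number, so on such a system the package changelog or the vendor advisory is the authority, not this script.

```shell
#!/bin/sh
# Added example (not from the thread): decide from an OpenSSH banner whether the
# upstream version is at or above the 9.8 release that contains the fix.
# Assumptions: banner in the form printed by `ssh -V` ("OpenSSH_9.7p1 ..., OpenSSL ...")
# or sent by sshd on connect ("SSH-2.0-OpenSSH_9.7p1"); 9.8 is hard-coded below.
# Caveat: distro packages that backport the fix still report the old number, so a
# "older than 9.8" verdict here means "check the vendor advisory", not "vulnerable".

FIXED_MAJOR=9
FIXED_MINOR=8

# openssh_version BANNER -> prints "MAJOR MINOR" parsed from "OpenSSH_M.N...",
# prints nothing if the banner does not contain an OpenSSH version.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# openssh_at_fixed_release BANNER -> exit 0 if version >= 9.8, 1 if older,
# 2 if the banner could not be parsed.
openssh_at_fixed_release() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || return 2
    set -- $ver            # split "MAJOR MINOR" into $1 and $2
    major=$1
    minor=$2
    [ "$major" -gt "$FIXED_MAJOR" ] && return 0
    [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ] && return 0
    return 1
}

# report_openssh BANNER -> one human-readable line on stdout
report_openssh() {
    openssh_at_fixed_release "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "upstream >= 9.8, contains the CVE-2024-6387 fix: $1" ;;
        1) echo "upstream < 9.8, check vendor advisory for a backported fix: $1" ;;
        *) echo "could not find an OpenSSH version in: $1" ;;
    esac
}

# Stand-alone use: report on the locally installed client/server build.
report_openssh "$(ssh -V 2>&1)"
```

For a remote host, the same functions can be fed the banner line an sshd sends on connect (`SSH-2.0-OpenSSH_...`), which is what external scanners compare against; the backport caveat applies there as well.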
@nixCraft Really scary vulnerability! I was wondering why usernames multiple kB long were not mentioned in the patch notes. An option to limit username length would seem to me like a useful mitigation strategy, as that was the method used for polluting the memory arena.
@nixCraft that feel when you no longer have publicly-exposed ssh access. Oh well, now onto the patching.
@nixCraft do we know if fail2ban mitigates this at all (not sure when an open connection is considered an auth failure in the eyes of fail2ban)?
@silvenga @nixCraft if you set mode = aggressive it'll consider every connection as an attempt, but I don't think that's the default

For anybody using Ubuntu, they've released an update that should patch it:

https://ubuntu.com/security/CVE-2024-6387
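What the "mode = aggressive" reply above looks like as a jail drop-in, as an added example that is not part of the thread and not fail2ban's own configuration: it renders a `jail.d` file for the stock `sshd` filter with the aggressive mode, and installs it to a path given as a parameter. fail2ban 0.10 or later with its bundled `filter.d/sshd.conf` is assumed, and the retry/ban values are chosen for illustration. Banning sources only slows attempts down; it is rate-limiting, not a fix, and does not replace the update.

```shell
#!/bin/sh
# Added example (not from the thread): fail2ban jail drop-in that runs the
# bundled sshd filter in mode = aggressive, so pre-auth disconnects and timeouts
# count as failures and the source gets banned.
# Assumptions: fail2ban >= 0.10 with its stock filter.d/sshd.conf; the install
# path is a parameter so the file can be rendered anywhere for review first.
# This is rate-limiting, not a fix: install the patched OpenSSH package as well.

# render_sshd_jail -> prints the drop-in on stdout
render_sshd_jail() {
    cat <<'EOF'
[sshd]
enabled  = true
# "aggressive" = normal + ddos + extra patterns of filter.d/sshd.conf,
# so connections that never reach a password/key attempt still count
mode     = aggressive
port     = ssh
# sshd holds an unauthenticated connection for LoginGraceTime (120 s by
# default), so a handful of attempts in a short window is already unusual;
# ban early and for a long time (illustrative values)
maxretry = 3
findtime = 10m
bantime  = 24h
EOF
}

# install_sshd_jail DEST -> writes the drop-in to DEST
# (default /etc/fail2ban/jail.d/sshd-aggressive.local)
install_sshd_jail() {
    dest=${1:-/etc/fail2ban/jail.d/sshd-aggressive.local}
    render_sshd_jail > "$dest"
}

# apply_sshd_jail -> reloads the sshd jail and shows its state; only does
# anything when fail2ban-client is actually present on this host
apply_sshd_jail() {
    command -v fail2ban-client >/dev/null 2>&1 || return 0
    fail2ban-client reload sshd
    fail2ban-client status sshd
}

# Stand-alone use (as root): install_sshd_jail && apply_sshd_jail
# To review before installing:   render_sshd_jail
```

After `apply_sshd_jail`, `fail2ban-client status sshd` lists the currently banned addresses and the log file the jail is watching; if that list stays empty while sshd logs pre-auth disconnects, the jail is reading the wrong log (journal vs. file), which is the usual reason the mode appears to have no effect.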
