nixCraft 🐧Jul 1, 2024
Heads up: regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server. Patch your server ASAP. https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server also see my openssh security guide for more info https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
OpenSSH CVE-2024-6387 RCE Vulnerability: Risk & Mitigation | Qualys

CVE-2024-6387 exploit in OpenSSH poses remote unauthenticated code execution risks. Find out which versions are vulnerable and how to protect your systems.

Qualys
sweetpotato cymbalJul 3, 2024
Show threadnixCraft 🐧
More info about this issue https://www.openssh.com/txt/release-9.8
Jul 1, 2024 at 1:01pmWeb
Show threadsweetpotato cymbalJul 3, 2024
@nixCraft Really scary vulnerability! I was wondering why multiple kB-long usernames were not mentioned on patch-notes. Option to limit usernames would to me seem like a useful mitigation strategy, as that was the method used for polluting the memory arena.