The Cyber Threat Perspective

Episode 100: The OpenSSH RegreSSHion Vulnerability

Jul 10, 2024

27:14

forum

Ask episode

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Links:

https://nvd.nist.gov/vuln/detail/CVE-2024-6409
https://nvd.nist.gov/vuln/detail/CVE-2024-6387
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technology
https://www.infosecurity-magazine.com/news/chinese-state-exploits/
https://x.com/fofabot/status/1810622161192919350
https://justpaste.it/do235

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/mylinks

Work with Us: https://securit360.com

Home Top podcasts Popular guests