Critical OpenSSH Vulnerability Affects Linux Systems


The vulnerability allows unauthenticated remote code execution.

Researchers at the Qualys Threat Research Unit (TRU) have found a critical security flaw in OpenSSH's server on glibc-based Linux systems.

The “regreSSHion” vulnerability (CVE-2024-6387) is “a signal handler race condition in OpenSSH’s server (sshd),” which allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems, says Bharat Jogi in a Qualys TRU blog post. “This race condition affects sshd in its default configuration.”

OpenSSH is “a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which is vital for secure communication over unsecured networks,” Jogi explains. “OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.”

Read more at Qualys.

