regreSSHion: Unauthed RCE Vulnerability in OpenSSH

I haven’t seen any discussion about this vulnerability here. This resurfaces in OpenSSH versions from 8.5p1 up to, but not including, 9.8p1.

This is what my rolling version of VyOS is running:

$ show version
Version: VyOS 1.5-rolling-202406020021

$ ssh -V
OpenSSH_9.2p1...

I’ll bet many in this community are vulnerable.

Summary of the exploit:

This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

There was a blog post about it earlier.


Shoot, missed it!

For the rest of us who didn’t see it, here’s the link!

You trimmed the most important part. As of now, CVE-2024-6387 has been fixed in Debian bookworm. The fixed package version is 1:9.2p1-2+deb12u3. As VyOS is pulling this package from Debian during build, a freshly made rolling ISO already runs the fixed version. You might want to check the openssh-server package version of the latest rolling to verify, and if it’s still u2, it should be upgraded the next day.
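A quick triage check built from the version facts quoted in this thread, as an added example (not code from the thread or from VyOS): it parses an `ssh -V` banner, applies the 8.5p1 <= version < 9.8p1 range from the first post, and treats Debian bookworm's 1:9.2p1-2+deb12u3 backport as fixed, so a bare upstream number is not misread as vulnerable. The banner format and the sample lines are constructed; any distro backport other than the bookworm one is not recognised and is reported as vulnerable.

```python
import re
from typing import Optional, Tuple

# Upstream OpenSSH range affected by CVE-2024-6387 (regreSSHion), as stated in the
# thread: 8.5p1 <= version < 9.8p1.
VULN_FROM = (8, 5, 1)
FIXED_AT = (9, 8, 1)
# Debian bookworm package revision carrying the backported fix (from the thread):
# openssh 1:9.2p1-2+deb12u3. Earlier deb12uN revisions of 9.2p1 are still affected.
BOOKWORM_FIXED_U = 3

# Matches the start of an `ssh -V` banner such as the constructed sample
# "OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.13 30 Jan 2024".
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:\s+Debian-([^\s,]+))?")


def parse_ssh_v(banner: str) -> Tuple[Tuple[int, int, int], Optional[str]]:
    """Return ((major, minor, patch), debian_revision_or_None) for an ssh -V line."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised ssh -V output: {banner!r}")
    major, minor, patch, debrev = m.groups()
    return (int(major), int(minor), int(patch or 0)), debrev


def bookworm_rev_is_fixed(debrev: str) -> bool:
    """True for a bookworm revision '2+deb12uN' with N >= 3 (the fixed package)."""
    m = re.fullmatch(r"2\+deb12u(\d+)", debrev)
    return m is not None and int(m.group(1)) >= BOOKWORM_FIXED_U


def assess(banner: str) -> str:
    """Classify one ssh -V banner as 'unaffected', 'vulnerable' or 'fixed'."""
    version, debrev = parse_ssh_v(banner)
    if version < VULN_FROM:
        return "unaffected"
    if version >= FIXED_AT:
        return "fixed"
    # Upstream number is inside the affected range, but a distro backport may have
    # fixed it without bumping it. Only the bookworm case from the thread is known
    # here; anything else stays "vulnerable" until verified against the distro.
    if version == (9, 2, 1) and debrev and bookworm_rev_is_fixed(debrev):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed banners covering the deb12u2 -> deb12u3 transition from the thread.
    for b in ("OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023",
              "OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.13 30 Jan 2024"):
        print(f"{assess(b):10s} {b}")
```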
