ThreatLight’s Post

Hey folks! #CVE 2024-6387: regreSSHion OpenSSH Vulnerability regreSSHion, CVE-2024-6387, is an unauthenticated remote code execution in OpenSSH’s server (sshd) that grants full root access. It affects the default configuration and does not require user interaction. It poses a significant exploit risk. https://lnkd.in/dX3TMDcV To check: https://lnkd.in/dWcUKKhC PoC: https://lnkd.in/dZDVs4KJ #pentest #redteam #hacking #cibersegurança #cybersecurity #infosec #informationsecurity #exploit #vulnerability #openssh #vulnerabilidade

🚨 Attention, Cybersecurity Professionals! A critical vulnerability has been discovered in OpenSSH (CVE-2024-6387) by Qualys, affecting an estimated 18 million systems worldwide. This CVE is as severe as the infamous Log4Shell from 2021. 🔒 We strongly urge all customers to patch their systems immediately to mitigate potential risks. 📌 Key Resources: Qualys Announcement and More Information: https://lnkd.in/gb7_aP-7 Detailed Analysis: https://lnkd.in/dYDNDvCy Stay vigilant and ensure your systems are secure! #CyberSecurity #OpenSSH #PatchNow #CVE20246387

CVE-2024-6387: Serious vulnerability discovered in OpenSSH! The Qualys Threat Research Unit (TRU) discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. This bug marks the first OpenSSH vulnerability in nearly two decades — an unauthenticated RCE that grants full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk. More information and action recommendations in this article from Qualys 👇 Source / Kudos: Qualys.com https://lnkd.in/gb7_aP-7 And don't "forget": #JOUO informs you as well, if your cyberinfrastructure might be affected - by this CVE or others. Feel free to test JOUO yourself with this link https://lnkd.in/eskXEaRT As a thank you 🙏 for your interest, you get a first risk assessment for free. As our mission is to help you protect your cyber infrastructure, specifically if you're a SME! #DoNotFightAlone

Once again the default config is the root cause the openssh unauthenticated remote code execution granting full root access, discovered by Qualys - CVE-2024-6387 Check sshd version and don't forget to update your servers! https://lnkd.in/giasap6U https://lnkd.in/g65TMjdp #vulnerability #cybersecurity #patch #RCE #CVE

**"Critical Linux Vulnerability Allows Root Access: Urgent Action Required"** **根本Linux漏洞允許root訪問：立即採取行動**（中文版在下文） **Understanding the Severity of Root Access Vulnerabilities** A newly discovered vulnerability, CVE-2024-6387, known as "regreSSHion," has emerged as a critical security concern. This flaw affects the widely-used OpenSSH server, potentially allowing attackers to bypass authentication and gain root access to affected machines. Root access means complete control over a system, leading to catastrophic outcomes like data breaches, unauthorized modifications, and complete system compromise. **Implications for Linux Servers** Linux servers, known for their stability and security, are at the heart of many enterprise operations. The regreSSHion vulnerability has the potential to affect millions of Linux servers worldwide, given the extensive use of OpenSSH in various distributions. According to estimates, there are over 20 million Linux servers in operation globally, highlighting the widespread impact of this flaw. **Extended Risk of the regreSSHion Vulnerability** The regreSSHion vulnerability, discovered by Qualys’ research team, is rooted in a race condition and affects the signal handling within the OpenSSH daemon. While exploiting this flaw is complex—requiring up to 10,000 attempts over 6-8 hours on a Debian stable OpenSSH_9.2p1 server—it remains a significant threat due to the potential for gaining root privileges. Organizations using firewalls or tools like fail2ban might mitigate the risk, but the urgency to patch remains high to prevent severe exploitation. **Security Advisory for Affected Users** To protect against this critical vulnerability, it is imperative to update OpenSSH to the latest version immediately. Organizations should enhance their monitoring for unusual activities and implement additional security measures such as firewalls and intrusion prevention systems to thwart potential attacks. **了解root訪問漏洞的嚴重性** 一個新發現的漏洞CVE-2024-6387，被稱為“regreSSHion”，成為一個重要的安全關注點。這個漏洞影響廣泛使用的OpenSSH服務器，可能允許攻擊者繞過身份驗證並獲得受影響機器的root訪問權限。root訪問意味著對系統的完全控制，可能導致災難性後果，包括數據洩露、未經授權的修改和系統完全崩潰。 **對Linux服務器的影響** 以穩定性和安全性著稱的Linux服務器是許多企業運營的核心。regreSSHion漏洞可能會影響全球數百萬台Linux服務器，因為OpenSSH在各種發行版中廣泛使用。根據最近的估計，全球運行中的Linux服務器超過2000萬台，這強調了這個漏洞的廣泛影響。 **regreSSHion漏洞的延伸風險** 由Qualys研究團隊發現的regreSSHion漏洞根源於一個競態條件，影響OpenSSH守護進程內的信號處理。雖然利用這個漏洞的複雜性很高——在Debian stable OpenSSH_9.2p1服務器上需要多達10,000次嘗試，耗時6-8小時——但由於可能獲得root權限，這仍然是一個重大威脅。使用防火牆或類似fail2ban工具的組織可能會減少風險，但仍需要緊急修補以防止嚴重利用。 **受影響用戶的安全建議** 為了防範這個重大漏洞，必須立即更新OpenSSH到最新版本。組織還應加強對異常活動的監控，並實施額外的安全措施，如防火牆和入侵防禦系統，以阻止潛在攻擊。 This post is written by AI and approved by Leo Tong, CISM. **Sources:** 1. [Qualys Advisory on regreSSHion](https://lnkd.in/gh5BGA-T) 2. [Facebook Page Huli 隨意聊comment on regreSSHion](https://lnkd.in/gGy8dj7G?) #CyberSecurity #Linux #OpenSSH #DataProtection #TechNews #SecurityAdvisory

🚨 Critical Vulnerability Alert: CVE-2024-6387 (8.1.)🚨 The Qualys Threat Research Unit (TRU) has identified a critical zero-day vulnerability in OpenSSH, designated CVE-2024-6387. This flaw affects millions of servers worldwide, potentially leading to complete system compromise. Immediate action is required to mitigate this risk. Ensure your systems are updated and monitor for patches and advisories. Stay vigilant and secure! 🔒#cybersecurity #zeroday #OpenSSH #CVE20246387 #infosec #Qualys A first POC is available already as well: https://lnkd.in/gaK_3Dcb https://lnkd.in/gxi-ZBfz

Federal Agency Warns (Patched) Critical Linux Vulnerability Being Actively Exploited: "The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild," reported Ars Technica on Friday. "The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges." It's the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation. The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations... It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation. A deep-dive write-up of the vulnerability reveals that these exploits provide "a very powerful double-free primitive when the correct code paths are hit." Double-free vulnerabilities are a subclass of use-after-free errors... Read more of this story at Slashdot.

🚨 CRITICAL ALERT: "RegreSSHion" OpenSSH Bug (CVE-2024-6387) poses a significant threat to over 14 million Linux servers, warns Qualys. Attackers can exploit this vulnerability to execute code remotely without login credentials. 32-bit systems are most at risk, facing potential compromise within hours, while 64-bit systems are also vulnerable but may take longer to exploit. To protect your systems, update OpenSSH to version 9.8p1 or later immediately. Qualys offers mitigations if patching isn't feasible. OpenBSD and Alpine Linux users are currently not affected by this critical security flaw. This flaw is a serious concern as OpenSSH is widely used for secure remote access. The impact could be massive, underscoring the urgency to patch systems and enhance security measures. Let's act swiftly to prevent this from escalating into another Log4Shell scenario. #Cybersecurity #Linux #OpenSSH #ZeroDay #RCE #Vulnerability #PatchNow #CybersecurityAwareness #InfoSec #ProtectYourServers Resources: - Qualys Advisory: https://lnkd.in/gheud3Wz - Qualys Video Explanation: https://lnkd.in/gDMN5-Pz - The Cyber Mentor Video Explanation: https://lnkd.in/gmmujjqS - BleepingComputer Article: https://lnkd.in/g5PSaHT9

Attention Linux users and security professionals! A recent discovery of a critical vulnerability (CVE-2024-3094) in XZ Utils, a widely used compression tool, requires immediate action. This backdoor could potentially allow attackers to bypass SSH authentication and gain unauthorized access to vulnerable systems. the technical details of this exploit, including: How the backdoor was hidden Affected systems and distributions Actionable mitigation strategies Don't let your Linux systems become vulnerable! ️ read the report and learn how to protect yourself. https://lnkd.in/gtK72M4S #cybersecurity #threatintelligence #linuxsecurity #CVE-2024-3094 #backdoor #vulnerability #securitypatch #staysafe

Federal Agency Warns (Patched) Critical Linux Vulnerability Being Actively Exploited: "The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild," reported Ars Technica on Friday. "The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges." It's the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation. The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in the NF_tables, a kernel component enabling the Netfilter, which in turn facilitates a variety of network operations... It was patched in January, but as the CISA advisory indicates, some production systems have yet to install it. At the time this Ars post went live, there were no known details about the active exploitation. A deep-dive write-up of the vulnerability reveals that these exploits provide "a very powerful double-free primitive when the correct code paths are hit." Double-free vulnerabilities are a subclass of use-after-free errors... Read more of this story at Slashdot.