OpenSSH version 9.8 has been released to address the security vulnerability CVE-2024-6387, dubbed regreSSHion, which allows malicious actors to send specially crafted packets and execute code on the victim's machine.
Of particular interest is that this vulnerability affects older versions predating 4.4p1 (released in 2006) and resurfaced in version 8.5p1 from 2021, hence the moniker regreSSHion. It primarily affects OpenSSH builds compiled against glibc; Qualys confirms that OpenBSD remains unaffected.
Successful exploits currently rely on repeated 32-bit Linux shellcode injection attempts, because ASLR's randomization of memory addresses makes any single attempt unreliable. Testing shows the continuous attempts taking 6-8 hours, and 64-bit machines are significantly harder to attack. However, some Linux distributions disable ASLR, which makes attacks considerably easier.
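As an added defender-side example (not code from the article, Qualys or OpenSSH), the POSIX shell check below classifies an sshd version banner against the affected ranges quoted above and reads the kernel ASLR setting; the function names and sample banners are my own constructions.

```shell
#!/bin/sh
# Added triage helper for CVE-2024-6387 (regreSSHion); not from the article.
# Affected ranges taken from the text above: releases before 4.4p1, and
# 8.5p1 up to (but not including) 9.8. Caveat: distributions often backport
# fixes without bumping the version string, so "affected" means "check the
# vendor advisory", not proof of exposure.

# parse_openssh_version "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13" -> "9 6"
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p'
}

# regresshion_affected BANNER -> prints "affected", "not-affected" or
# "unknown"; exit status 0 only when affected, so it can drive an alert.
regresshion_affected() {
    set -- $(parse_openssh_version "$1")
    if [ $# -ne 2 ]; then
        echo "unknown"; return 2
    fi
    num=$(($1 * 100 + $2))            # 9.6 -> 906, 4.4 -> 404, 8.5 -> 805
    if [ "$num" -lt 404 ] || { [ "$num" -ge 805 ] && [ "$num" -lt 908 ]; }; then
        echo "affected"; return 0
    fi
    echo "not-affected"; return 1
}

# aslr_enabled FILE -> exit 0 if the ASLR setting stored in FILE is non-zero.
# On a live host pass /proc/sys/kernel/randomize_va_space; the article notes
# that some distributions disable ASLR, which makes the bug easier to exploit.
aslr_enabled() {
    val=$(cat "$1" 2>/dev/null) || return 2
    [ "$val" -ne 0 ]
}

# Constructed sample banners (no real hosts) for a stand-alone run.
for banner in "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13" \
              "SSH-2.0-OpenSSH_9.8" \
              "SSH-2.0-OpenSSH_8.4p1 Debian-5"; do
    printf '%-42s %s\n' "$banner" "$(regresshion_affected "$banner")"
done
```

On a fleet, feed the banner from `ssh -V 2>&1` on each host (or from a banner grab you already collect) and pass the real randomize_va_space path to `aslr_enabled`.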
Another vulnerability to note is one in ObscureKeystrokeTiming, a feature that randomizes response times to deter keystroke-guessing attacks. Nonetheless, an attacker observing the traffic can distinguish the specific packets sent by OpenSSH, revealing the user's actual typing times.
Source: Qualys, OpenSSH
TLDR: OpenSSH version 9.8 addresses a security flaw that allows code execution through malicious packets; it affects older versions and shows how ASLR complicates exploitation. Additionally, the ObscureKeystrokeTiming vulnerability exposes typing patterns, underscoring the importance of timely security patches.