regreSSHion: Exploiting Signal Handler Race Condition in OpenSSH
regreSSHion: Exploiting Signal Handler Race Condition in OpenSSH
Summary:
The “regreSSHion” vulnerability (CVE-2024-6387) in OpenSSH allows unauthenticated remote code execution with root privileges on glibc-based Linux systems, affecting versions 8.5p1 to 9.7p1. Despite being hard to exploit, it poses severe risks including full system compromise. Mitigation includes updating to version 9.8p1 or adjusting ‘LoginGraceTime’ settings, though this may expose systems to denial-of-service attacks.
Threat Level – Red | Vulnerability Report
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.