regreSSHion: Exploiting Signal Handler Race Condition in OpenSSH

Threat Level – Red | Vulnerability Report
Download PDF


The “regreSSHion” vulnerability (CVE-2024-6387) in OpenSSH allows unauthenticated remote code execution with root privileges on glibc-based Linux systems, affecting versions 8.5p1 to 9.7p1. Despite being hard to exploit, it poses severe risks including full system compromise. Mitigation includes updating to version 9.8p1 or adjusting ‘LoginGraceTime’ settings, though this may expose systems to denial-of-service attacks.

Threat Level – Red | Vulnerability Report

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox