CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH’s server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.

Exploit Details

Vulnerability Summary

The exploit targets the SIGALRM handler race condition in OpenSSH’s sshd:

• Affected Versions: OpenSSH 8.5p1 to 9.8p1.
• Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.

The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd) on glibc-based Linux systems, allowing unauthenticated attackers to gain root access and potentially seize complete control of the affected machines.

The vulnerability, a signal handler race condition in OpenSSH’s server (sshd), impacts sshd in its default configuration and “does not require user interaction”. This race condition is particularly concerning as it allows unauthenticated RCE as root, giving attackers full control over the affected systems. This flaw is present in OpenSSH versions from 8.5p1 up to, but not including, 9.8p1, reintroducing a previously patched issue from CVE-2006-5051.