RegreSSHion and how modern attacks have evolved
One of the largest vulnerabilities of this year dropped on the 1st of July. Nicknamed "RegreSSHion" and tracked as CVE-2024-6387, it is a vulnerability in OpenSSH's server (sshd) that allows unauthenticated root access.
What is RegreSSHion?
RegreSSHion is one of the more patient hacks we have seen this year. The vulnerability involves connecting to the victim computer as if to authenticate over SSH, but never closing the connection. When OpenSSH times out, it makes asynchronous calls to syslog to log the timeout. The researchers at Qualys discovered that this could be abused by racing against the program in a very small time window to gain full root privileges over the computer.
The catch?
This vulnerability takes a ton of time to exploit. A potential exploiter is limited to 10 connections and has to wait until the connection expires each time. The victim and the exploiter will also be in a true race to see who can change the memory first. According to the Qualys blog, it could take up to a week of constant attempts to gain this access.
This basically means you would have to remotely race the CPU in order to get access to the computer. So it's not exactly something that can be grabbed all in one go. We've gotten to racing the computer itself to see who does what first!
What now?
As is always said, make sure to keep systems up to date. With the disclosure released, OpenSSH has been updated to mitigate this vulnerability. The potential impact of this vulnerability is immense, with 4 million machines currently vulnerable, so always make sure to update!
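Because the attempts described above all end in a login timeout, a defender can look for sources that repeatedly time out before authenticating. The sketch below is an added example, not code from the original post or from Qualys; it assumes sshd writes "Timeout before authentication for <ip> port <port>" lines in syslog format, and the sample log lines and the threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample in syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jul  2 10:00:00 host sshd[1001]: fatal: Timeout before authentication for 203.0.113.7 port 40001
Jul  2 10:02:00 host sshd[1002]: fatal: Timeout before authentication for 203.0.113.7 port 40002
Jul  2 10:03:10 host sshd[1003]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Jul  2 10:04:00 host sshd[1004]: fatal: Timeout before authentication for 203.0.113.7 port 40003
Jul  2 10:05:30 host sshd[1005]: Failed password for root from 198.51.100.20 port 42000 ssh2
Jul  2 10:06:00 host sshd[1006]: fatal: Timeout before authentication for 2001:db8::5 port 50000
Jul  2 10:06:01 host sshd[1007]: fatal: Timeout before authentication for 203.0.113.7 port 40004
"""

# Assumed message format; the "fatal: " prefix is treated as optional.
TIMEOUT_RE = re.compile(
    r"sshd\[\d+\]: (?:fatal: )?Timeout before authentication for "
    r"(?P<ip>\S+) port \d+"
)


def timeout_counts(lines):
    """Count pre-authentication timeouts per source address."""
    counts = Counter()
    for line in lines:
        match = TIMEOUT_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def suspicious_sources(lines, threshold=5):
    """Return sources with at least `threshold` pre-auth timeouts."""
    return {ip: n for ip, n in timeout_counts(lines).items() if n >= threshold}


if __name__ == "__main__":
    hits = suspicious_sources(SAMPLE_LOG.splitlines(), threshold=3)
    for ip, n in sorted(hits.items()):
        print(f"{ip}: {n} pre-auth timeouts")
```

A single timeout is normal (an abandoned login prompt, a scanner), so the threshold should be tuned against the host's usual background rate.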
Why is this so interesting?
The RegreSSHion vulnerability shows us the lengths we now have to go to in order to exploit systems. It is a reminder to make sure we are secure by design and that every inch of the attack surface is covered.