RegreSSHion (2006's OpenSSH Vuln is Back Again)
OpenSSH Zero-Day Vulnerability (CVE-2024-6387) A new zero-day vulnerability, “RegreSSHion”, allows Remote Code Execution (RCE) with root privileges due to a signal handler race condition. This regression of CVE-2006-5051 was inadvertently reintroduced in an update. An attacker can exploit it by repeatedly connecting without authenticating, aiming for a precise timing window. Versions 4.4p1 and earlier Detection and Mitigation Oligo ADR can detect abnormal behaviour, including exploitation attempts. Prioritize patching or using workarounds on OpenSSH servers running on glibc-based Linux systems to mitigate this high-risk vulnerability....