The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
The Cyber Threat Perspective
Episode 100: The OpenSSH RegreSSHion Vulnerability
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6409
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technology
- https://www.infosecurity-magazine.com/news/chinese-state-exploits/
- https://x.com/fofabot/status/1810622161192919350
- https://justpaste.it/do235
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
