Cyber Vulnerability
Code Security
Amartya Jha • 01 July 2024
A major security vulnerability has been found in OpenSSH that can potentially lead to remote code execution as the root user on glibc-based Linux systems. It is tracked as CVE-2024-6387 and is being referred to as regreSSHion. The flaw is a signal handler race condition in sshd that affects versions 8.5p1 to 9.7p1, and it has been identified in 14 million instances.
The Qualys Threat Research Unit (TRU) found a serious security flaw in OpenSSH's server on glibc-based Linux systems. This unauthenticated Remote Code Execution (RCE) vulnerability can give attackers full root access and affects the default configuration without needing user interaction. It's a regression of a previously fixed issue (CVE-2006-5051) and was reintroduced in OpenSSH 8.5p1 in October 2020.
Versions earlier than 4.4p1: OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they have been patched for CVE-2006-5051 and CVE-2008-4109.
Versions 4.4p1 to 8.4p1: Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
Versions 8.5p1 to 9.7p1: The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
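The version ranges above can be applied to the identification banner an SSH server sends on connect. The following is an added example, not the CVE-2024-6387_Check.py script this post refers to; the function names, verdict labels and sample banners are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the identification string an OpenSSH server sends on connect.
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")

def classify(banner):
    """Map an SSH banner to a verdict using the version ranges listed above."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"                    # not OpenSSH, or banner hidden/garbled
    version = (int(m.group(1)), int(m.group(2)))
    if version < (4, 4):
        return "vulnerable-unless-patched"  # needs CVE-2006-5051 and CVE-2008-4109 fixes
    if version < (8, 5):
        return "not-vulnerable"
    if version < (9, 8):
        # The banner carries the upstream version only; distributions often
        # backport fixes without changing it, so confirm the installed package.
        return "potentially-vulnerable"
    return "not-vulnerable"

def expand_targets(specs):
    """Expand CIDR ranges to host addresses; pass IPs and domain names through."""
    out = []
    for spec in specs:
        if "/" in spec:
            net = ipaddress.ip_network(spec, strict=False)
            out.extend(str(host) for host in net.hosts())
        else:
            out.append(spec)
    return out

def triage(banners_by_host):
    """Return {host: verdict} for banners already collected from each host."""
    return {host: classify(b) for host, b in banners_by_host.items()}

# Constructed sample data: documentation address space and made-up banners.
SAMPLE = {
    "192.0.2.1": "SSH-2.0-OpenSSH_8.9p1 ExampleOS-1",
    "192.0.2.2": "SSH-2.0-OpenSSH_7.4",
    "192.0.2.3": "SSH-2.0-OpenSSH_9.8p1",
    "192.0.2.4": "SSH-2.0-OpenSSH_4.3p2",
    "192.0.2.5": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:12} {verdict}")
```

A "potentially-vulnerable" verdict marks a host for a package-level check rather than confirming exposure, and "unknown" means the banner alone cannot decide.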
The CVE-2024-6387_Check.py script enables rapid scanning of multiple IP addresses, domain names, and CIDR network ranges to detect potential vulnerabilities and ensure the security of your infrastructure.
Save the code below as CVE-2024-6387_Check.py
Running script for individual IP address
Examples
Single IP
Running script for multiple IPs
Running script for multiple IPs and domains
Running script for CIDR range
Running script with custom port