RegreSSHion checker
Check if a server is running a vulnerable version of OpenSSH (CVE-2024-6387, also known as regreSSHion).
sftpcloud.io
A check will be performed and no data is stored.
Frequently asked questions
- What is the regreSSHion vulnerability?
- The regreSSHion vulnerability (CVE-2024-6387) is an unauthenticated remote code execution vulnerability in the OpenSSH server (sshd) on glibc-based Linux systems. It is a signal handler race condition; a successful exploit could execute arbitrary code with root privileges.
- Why is the vulnerability called "regreSSHion"?
- The name "regreSSHion" is a play on words, combining "regression" and "SSH". It is called a regression because the bug is a reappearance of a previously patched vulnerability (CVE-2006-5051) from 2006. The issue was inadvertently reintroduced in OpenSSH 8.5p1 in October 2020.
- Is there a working exploit for this vulnerability?
- Qualys, which discovered the vulnerability, has developed a working exploit but, as part of responsible disclosure, is not releasing the exploit code publicly. This gives organizations time to patch their systems before attackers develop their own exploits.
- How severe is this vulnerability?
- This vulnerability is rated high severity because it allows unauthenticated remote code execution with root privileges. Successful exploitation could lead to full system compromise: installing malware, manipulating data, and creating backdoors for persistent access.
- Is there a patch available?
- Yes, there are two main approaches. Upgrade to OpenSSH 9.8p1, which includes the fix and is the most comprehensive solution, or apply the fix for older versions described in the advisory, which most vendors provide as a backported package update.
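The version boundaries above (reintroduced in 8.5p1, fixed in 9.8p1) are what a banner-based check like this page's tool works from. The following is an added example, not the sftpcloud.io checker's code: it reads only the server identification line that sshd sends before any authentication, parses the OpenSSH version out of it, and classifies it against those boundaries. The sample banners are constructed for the demonstration; the pre-4.4p1 category reflects the Qualys advisory's note that releases older than 4.4p1 are affected unless they carry the CVE-2006-5051 fix.

```python
import re
import socket
from typing import Optional, Tuple

Version = Tuple[int, int, int]  # (major, minor, portable-release number)

# Boundaries from the advisory: the race condition was reintroduced in 8.5p1
# and fixed in 9.8p1. Releases before 4.4p1 predate the original
# CVE-2006-5051 fix and are flagged separately for a manual look.
REGRESSION_START: Version = (8, 5, 1)
FIXED_IN: Version = (9, 8, 1)
LEGACY_FIX: Version = (4, 4, 1)

# Constructed banners for the demonstration (not captured from real hosts).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-dropbear_2022.83",
]

# Upstream version string as it appears in the banner, e.g. "OpenSSH_9.6p1";
# the "pN" portable suffix is absent on some builds, so it is optional.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, portable) from a banner; None if not OpenSSH."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable) if portable else 0)


def classify(banner: str) -> str:
    """Place the banner's version relative to the advisory's boundaries."""
    v = parse_openssh_version(banner)
    if v is None:
        return "not-openssh"
    if REGRESSION_START <= v < FIXED_IN:
        return "affected-range"
    if v < LEGACY_FIX:
        return "pre-4.4p1-check-2006-fix"
    return "not-affected"


def fetch_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Read the server identification line only; nothing is sent to the host.

    RFC 4253 lets a server send a few informational lines before the
    'SSH-' line, so read line by line until the identification appears.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("rb") as f:
            for _ in range(20):
                line = f.readline(255).decode("ascii", "replace").strip()
                if line.startswith("SSH-"):
                    return line
    raise ValueError("no SSH identification line received")


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:42s} -> {classify(b)}")
```

Treat "affected-range" as "needs a look", not "confirmed vulnerable": distributions routinely backport the fix without changing the upstream version number, so a banner such as `OpenSSH_9.2p1 Debian-2+deb12u3` can only be resolved by comparing the package version with the vendor's advisory, which is the "fix for older versions" the answer above refers to. A banner that has been rewritten to hide the version makes the check inconclusive rather than negative.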
- Are there any mitigations available if I can't patch immediately?
- Yes. If immediate patching is not possible, set LoginGraceTime to 0 in sshd_config. This disables the login timeout whose signal handler triggers the race, which removes the remote code execution risk, but unauthenticated connections are then never timed out, which exposes the server to a denial of service attack.
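The workaround is a single directive, but two details matter when applying it: sshd takes the first value it sees for a keyword (so a `LoginGraceTime` line in an included drop-in file or earlier in the file silently wins), and the effective value should be confirmed from `sshd -T` rather than from the file you edited. The following is an added example, not part of this page or of OpenSSH: it parses `sshd -T` output to confirm the mitigation is in effect and rewrites a config text so that `LoginGraceTime 0` is the first value sshd encounters. The `sshd -T` sample is constructed; `sshd -T` itself needs root because it reads the host keys.

```python
import re
import shutil
import subprocess
from typing import Dict, Optional

# Constructed `sshd -T` output (not taken from a real host). sshd -T prints the
# effective configuration with lowercase keywords and time values in seconds;
# 120 is the upstream default of 2m.
SAMPLE_SSHD_T = """\
port 22
logingracetime 120
maxstartups 10:30:100
permitrootlogin prohibit-password
"""

# Matches an active (uncommented) LoginGraceTime line; keywords are
# case-insensitive in sshd_config.
_GRACE_RE = re.compile(r"^\s*LoginGraceTime\b.*$", re.IGNORECASE | re.MULTILINE)


def parse_sshd_t(text: str) -> Dict[str, str]:
    """Turn `sshd -T` output into a keyword -> value dict (first occurrence wins)."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] not in cfg:
            cfg[parts[0]] = parts[1]
    return cfg


def is_mitigated(sshd_t_output: str) -> bool:
    """True when the effective LoginGraceTime is 0 (the advisory's workaround)."""
    return parse_sshd_t(sshd_t_output).get("logingracetime") == "0"


def effective_config() -> Optional[str]:
    """Run `sshd -T` on the local host; returns None if sshd is not installed."""
    sshd = shutil.which("sshd")
    if sshd is None:
        return None
    return subprocess.run([sshd, "-T"], capture_output=True, text=True, check=True).stdout


def apply_mitigation(config_text: str) -> str:
    """Return sshd_config text with LoginGraceTime forced to 0.

    The directive goes on the very first line, ahead of any Include, because
    sshd uses the first value it sees. Existing active LoginGraceTime lines are
    commented out so they are visibly disabled rather than silently shadowed.
    """
    disabled = _GRACE_RE.sub(
        lambda m: "# disabled (CVE-2024-6387 workaround): " + m.group(0).strip(),
        config_text,
    )
    return "LoginGraceTime 0\n" + disabled


if __name__ == "__main__":
    print("sample effective config mitigated:", is_mitigated(SAMPLE_SSHD_T))
    print(apply_mitigation("Include /etc/ssh/sshd_config.d/*.conf\nLoginGraceTime 2m\n"))
```

After writing the rewritten text back to sshd_config, run `sshd -t` to validate the file before reloading the service, then confirm with `sshd -T | grep logingracetime` that the effective value is 0. The sample's `maxstartups 10:30:100` line shows the cost the FAQ mentions: with no grace timeout, idle pre-authentication connections hold their MaxStartups slots indefinitely, so that pool is what an attacker would exhaust to deny service until the real patch is applied.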