HomeRisk ManagementsVulnerability in OpenSSH called regreSSHion places millions of servers in jeopardy

Vulnerability in OpenSSH called regreSSHion places millions of servers in jeopardy

Published on

spot_img

Researchers have detailed a new exploit that takes advantage of a vulnerability in the OpenSSH software, demonstrating how a targeted attack could potentially lead to remote code execution with a root shell. The exploit targets Linux systems using the glibc C library, specifically focusing on 32-bit versions where the Address Space Layout Randomization (ASLR) is less effective due to the reduced memory space.

In a technical advisory published by the researchers, they explained the theoretical and practical aspects of the exploit. They highlighted the need to find a specific code path in sshd that, if interrupted at the right time by SIGALRM, would leave the system in an inconsistent state that could be exploited. The researchers emphasized the challenge of reaching this code path and maximizing the chances of interrupting it at the right moment, particularly when attempting to trigger the exploit remotely.

During their testing, the researchers targeted OpenSSH 9.2p1 on a Debian Linux i386 system. They found that it took approximately 10,000 attempts to successfully exploit the vulnerability and achieve remote code execution. This process involved creating 100 concurrent connections with a default LoginGraceTime of 120 seconds. However, due to the unpredictability caused by ASLR in the glibc library, correctly guessing the memory address added to the complexity of the exploit.

On 64-bit systems, the researchers noted that while exploitation is still possible, it may be more challenging compared to 32-bit systems. The increased memory space and stronger ASLR implementation on 64-bit systems could result in longer exploitation times. In their testing, achieving remote code execution with a root shell on a 64-bit system could take between 6-8 hours due to the difficulties in accurately guessing memory addresses.

The researchers’ findings underscore the importance of addressing vulnerabilities in critical software components like OpenSSH. By highlighting the potential risks associated with exploitable flaws, they aim to raise awareness among system administrators and developers about the need for robust security measures. As cyber threats continue to evolve, staying vigilant and proactive in addressing security vulnerabilities is essential to safeguarding systems and data from malicious attacks.

Overall, the researchers’ work serves as a reminder of the ongoing challenges in cybersecurity and the need for constant monitoring and mitigation of potential threats. With new exploits and vulnerabilities emerging regularly, the importance of timely software updates and patches cannot be understated in maintaining a secure and resilient IT infrastructure.

Source link

Latest articles

Citrix Addresses NetScaler Vulnerabilities with New Patches – CyberMaterial

Citrix Urgently Addresses Vulnerabilities in NetScaler Products In a recent development, Citrix has moved to...

Verified X Sponsored Ad Distributes Mac Malware and ConsentFix Compromises Microsoft 365 Accounts

New Malware Campaign Targets Mac Users and Microsoft 365 Accounts In a recent study conducted...

Cisco Unified CM Vulnerability Exploitation

Cisco Systems Confirms Active Exploitation of Unified Communications Manager Vulnerability Cisco Systems has issued an...

Avalon Malware Exploits Legal Documents to Distribute CrownX Ransomware Functions

New Malware Framework, Avalon, Exposed: A Threat to Cybersecurity A recently identified malware framework, dubbed...

More like this

Citrix Addresses NetScaler Vulnerabilities with New Patches – CyberMaterial

Citrix Urgently Addresses Vulnerabilities in NetScaler Products In a recent development, Citrix has moved to...

Verified X Sponsored Ad Distributes Mac Malware and ConsentFix Compromises Microsoft 365 Accounts

New Malware Campaign Targets Mac Users and Microsoft 365 Accounts In a recent study conducted...

Cisco Unified CM Vulnerability Exploitation

Cisco Systems Confirms Active Exploitation of Unified Communications Manager Vulnerability Cisco Systems has issued an...