Critical Vulnerability in OpenSSH, Thursday, 4 July.
Thursday 4 July 24
What is happening:
The NCSC has issued a warning in relation to a high severity “RegreSSHion” SSH Vulnerability in Linux systems that when exploited gives attackers unlimited root-level access to vulnerable systems.
To protect UCD systems and data from the “RegreSSHion” Remote Code vulnerability, systems owner must immediately update vulnerable versions of OpenSSH (CVE-2024-638) on affected system. Please review the recommendations section below for additional security measures.
What is RegreSSHion vulnerability
RegreSSHion is a (opens in a new window)high severity (CVSS 8.1) remote unauthenticated code execution (RCE) vulnerability (CVE-2024-6387) identified in the OpenSSH server (sshd) on glibc-based Linux systems. This vulnerability allows attackers to gain full root access without requiring any user interaction putting vulnerable systems at risk of compromise, data breach, spreading malware, etc.
Affected Systems
For a full list of affected systems visit (opens in a new window)Qualys Security Blog (https://www.qualys.com/regresshion-cve-2024-6387/)
Recommendations to all Server Administrators:
- If SSH is not required the service should be removed, stopped or disabled.
- Immediately update your OpenSSH server to a version that addresses CVE-2024-6387. Refer to the official OpenSSH website for the latest version and upgrade instructions:(opens in a new window) https://www.openssh.com/
- If external SSH access (inbound) to your server is no longer required, please contact the IT Support Hub to request that it is blocked.
- Review and implement(opens in a new window) UCD’s server security recommendations.
Additional Support
To find out how to request access to the (opens in a new window)staff VPN or if you have further support requirements, please visit IT Services IT Support hub
UCD IT Services
Computer Centre, University College Dublin, Belfield, Dublin 4, Ireland.Contact us via the UCD IT Support Hub: www.ucd.ie/ithelp