Nasty regreSSHion bug in OpenSSH

Ice Tea · 2 Jul 2024 at 09:33

Nasty regreSSHion bug affects around 700K Linux systems

Full system takeovers on the cards, for those with enough patience to pull it off

www.theregister.com

Ubuntu has updated versions here, and NixOS has also been busy over the past few hours – users can go here, at least.

Check your distro for updates – there will probably be some.

kindai · 2 Jul 2024 at 10:14

Nasty indeed.

Fortunately of all my customer servers only a handful needed patching. But those ones were behind IP restricted firewalls.

Throrik · 2 Jul 2024 at 10:22

Fortunately no internet facing SSH for me, but will be patching nonetheless.

Scott C · 2 Jul 2024 at 20:32

So definitely one to patch but some mitigating factors at least are...

There doesn't appear to be a working exploit against a 64bit OS (yet...)
Attacker has to know the specific OS that is running
Can take up to 8 hours and as many as 10,000 attempts

So unless you're desperately unlucky even a vulnerable version with any kind of reasonable session or rate-limiting in place should offer you fair protection against this

LostCorpse · 3 Jul 2024 at 10:10

and all those IOT devices that wont get patched.
Door Access / Building Management System / Cameras / Enviromental monitors / meeting room equipment to name but a few items.

Scott C · 3 Jul 2024 at 10:30

LostCorpse said:
and all those IOT devices that wont get patched.
Door Access / Building Management System / Cameras / Enviromental monitors / meeting room equipment to name but a few items.

And there's probably a frightening number of them remotely accessible :/

Nasty regreSSHion bug in OpenSSH

More options

Ice Tea

Ice Tea

Nasty regreSSHion bug affects around 700K Linux systems

kindai

kindai

Sgarrista

Throrik

Throrik

Scott C

Scott C

LostCorpse

LostCorpse

Scott C

Scott C