#RegreSSHion: Remote Code Execution #Vulnerability In #OpenSSH Server

source: https://www.phoronix.com/news/RegreSSHion-CVE-2024-6387

#exploit #security #software #server #news #update #patch #cybersecurity

Service outage / Coupure de service

une mise à jour de #openssh pour #FreeBSD est en attente sur le serveur popeye. Je vais lancer la procédure dans la soirée, les services suivant vont être indisponible un petit moment.

#openssh security patche on #FreeBSD is pending on the popeye server.I will proceed to server and jails upgrades later in the evening.

The following services will be unavailable for a while:

• diaspora
• wiki
• Matrix
• git
• epee

#podmin #freebsd #security

Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable #OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base. Interestingly, over 0.14% of vulnerable internet-facing instances with OpenSSH service have an End-Of-Life/End-Of-Support version of OpenSSH running.

…The vulnerability, which is a signal handler race condition in OpenSSH's server (#sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based #Linux systems.

In our #security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this…

Une mise à jour pour FreeBSD est en attente sur le serveur popeye.
Je vais lancer la procédure dans la journée, demain mercredi. les services suivant vont être indisponible un petit moment.

A set of FreeBSD patches are pending on the popeye server.

I will proceed to server and jails upgrades during the day tomorrow, on Wednesday 20.

The following services will be unavailable for a while:

• diaspora
• wiki
• Matrix
• git
• epee

#podmin #freebsd #security #openssh

FreeBSD Errata Notices

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

Une faille de sécurité a été trouvée dans le protocole SSH

#OpenSSH sort la 9.6 pour réduire l'ange d'attaque.

#FreeBSD devrait suivre.

#security #ssh #freebsd #openbsd

This Week in Security: Dating App, WooCommerce, and OpenSSH

#computerhacks #hackadaycolumns #news #securityhacks #openssh #thisweekinsecurity #woocommerce #hackaday
posted by pod_feeder_v2

This Week In Security: Dating App, WooCommerce, And OpenSSH

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort…

SSH Can Handle Spaces In Command-line Arguments Strangely

#linuxhacks #bug #linux #openssh #parsing #ssh #hackaday
posted by pod_feeder_v2

SSH Can Handle Spaces In Command-line Arguments Strangely

One of the things ssh can do is execute a command on a remote server. Most of us expect it to work transparently when doing so, simply passing the command and its arguments on without any surprises…

#openSSH 8.9 Released, Removes Support for MD5-Hashed Passwords http://www.tuxmachines.org/node/161773#comment-32927

● NEWS ● #OpenSSH #BSD ☞ OpenSSH 8.9 Released https://www.openssh.com/txt/release-8.9

Links 23/2/2022: #OpenSSH 8.9, Levente Polyak Cemented as Arch Project Leader, Intel Acquires Linutronix • Techrights ⚓ http://techrights.org/2022/02/23/intel-acquires-linutronix/ ䷉ #Techrights #GNU #Linux #FreeSW | ♾ Gemini address: gemini://gemini.techrights.org/2022/02/23/intel-acquires-linutronix/

Links 23/2/2022: OpenSSH 8.9, Levente Polyak Cemented as Arch Project Leader, Intel Acquires Linutronix

Links for the day

#OpenSSH 8.9 released • Tux Machines ⇨ http://www.tuxmachines.org/node/161773 #BSD #UNIX #openbsd #TuxMachines

Emmerdez les pirates SSH avec Endlessh !

Comments

https://www.geeek.org/bruteforce-ssh-endlessh/

#sécurité #openssh

Configurer et sécuriser un serveur SSH

Comments

https://mtacnet.tech/posts/ssh_security.html

#sécurité #openssh

#ProxyJump in #OpenSSH https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Conditional_Use_of_Jump_Hosts

● NEWS ● #OpenSSH ☞ SSH agent restriction https://www.openssh.com/agent-restrict.html

Reminder that #ssh merphed into a company, just like PGP. Not the same as #openssh https://www.streetinsider.com/Globe+Newswire/PRESS+RELEASE+-+A+Fortune+500+Financial+Institution+Chooses+Universal+SSH+Key+Manager®/19365092.html

StreetInsider.com - Globe Newswire

SSH via Tor

Comments

https://computerz.solutions/ssh-via-tor/

#openssh

Virtualbox : Votre devbox virtualisée sur n'importe quelle plateforme

Si vous travaillez sur Windows, vous avez déjà sûrement considéré le
problème de la virtualisation et de ses solutions trop “bloat”. Dans ce
tutoriel, je vous propose de configurer une machine virtuelle VirtualBox
sans affichage pour travailler avec SSH.

Comments

https://khyrthy.github.io/posts/setup-vm/

#debian #virtualisation #openssh #archlinux

#OpenSSH, Squid, PostgreSQL Update in #Tumbleweed • 𝖳𝗎𝗑 𝖬𝖺𝖼𝗁𝗂𝗇𝖾𝗌 ⇨ http://www.tuxmachines.org/node/156835 #GNU #Linux #TuxMachines

● NEWS ● #uniToronto ☞ The #OpenSSH server has limits on what user authentication you can use https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHAuthConfigLimits