In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.Links:https://nvd.nist.gov/vuln/detail/CVE-2024-6409https://nvd.nist.gov/vuln/detail/CVE-2024-6387https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technologyhttps://www.infosecurity-magazine.com/news/chinese-state-exploits/https://x.com/fofabot/status/1810622161192919350https://justpaste.it/do235Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.