The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory highlighting a critical vulnerability in OpenSSH’s server component on Linux systems.
Identified as CVE-2024-6387 and nicknamed “regreSSHion,” this flaw allows unauthenticated remote code execution (RCE) as root. The vulnerability affects OpenSSH versions 8.5p1 through 9.7p1 and poses a severe risk of full system compromise.
According to the advisory, the vulnerability stems from OpenSSH’s integration with glibc, exposing systems to potential exploitation. OpenSSH maintainers have released security patches to address the issue. However, the PTA cautioned that such vulnerabilities may resurface in subsequent updates due to inadvertent regression, emphasizing the critical need for robust testing during development cycles.
The PTA classified the vulnerability as high severity and urged immediate action. Users are strongly advised to upgrade to the latest OpenSSH version (9.8p1), available from the official OpenSSH website. Additional recommendations include implementing network segmentation, restricting SSH access, and ensuring all systems are regularly updated with the latest security patches to thwart exploitation.
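A quick way to act on the version range above is to check the SSH identification banners of your own hosts against it. The script below is an added example, not part of the PTA advisory; the inventory lines are constructed, and the "vulnerable-version" verdict only means the upstream version is inside the advisory's range, since distributions sometimes backport the fix without changing the version number.

```python
import re
from typing import Optional, Tuple

# Range given in the advisory: 8.5p1 through 9.7p1 (fixed upstream in 9.8p1).
VULN_FROM = (8, 5, 1)
VULN_TO = (9, 7, 1)

# Matches "OpenSSH_9.6p1"; the portable "pN" suffix is optional.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Constructed inventory: "host banner" per line (not real hosts).
SAMPLE_INVENTORY = """\
bastion-1 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13
db-2      SSH-2.0-OpenSSH_9.8p1
legacy-3  SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
iot-4     SSH-2.0-dropbear_2022.83
"""


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable) from an SSH banner, or None if not OpenSSH."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable) if portable else 0)


def assess_banner(banner: str) -> str:
    """Classify one banner against the advisory's affected range."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"          # not OpenSSH, or banner not parseable
    if VULN_FROM <= version <= VULN_TO:
        return "vulnerable-version"  # confirm no vendor backport before closing
    return "not-in-range"


def triage_inventory(text: str) -> dict:
    """Map each host name in an inventory listing to its verdict."""
    results = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2:
            results[parts[0]] = assess_banner(parts[1])
    return results


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {verdict}")
```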
The advisory also provided guidance on reporting incidents related to this vulnerability. Users encountering security breaches are directed to report them promptly via the PTA CERT Portal or through the authority’s official email channels. These measures aim to mitigate the risk posed by the regreSSHion vulnerability while enhancing overall cybersecurity resilience.
they are a bit late for it, it’s already on version 9.9, of course if updated
and the update was released on 22 Sep 24, ahh PTA
This bug was found by Qualys, not PTA, in July 2024, so please credit them, not PTA, when you are writing these blogs.
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server