"Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack"
A newly disclosed vulnerability called "regreSSHion" could allow unauthenticated Remote Code Execution (RCE) on millions of OpenSSH servers. Qualys' threat research unit found the critical flaw, which is as severe as the 2021 "Log4Shell" vulnerability. According to the company, the OpenSSH server process 'sshd' is impacted by a signal handler race condition enabling unauthenticated RCE with root privileges on glibc-based Linux systems. The vulnerability can lead to the takeover of a system, potentially resulting in malware installation and backdoor creation. This article continues to discuss the vulnerability of millions of OpenSSH servers to the remote regreSSHion attack.
Submitted by grigby1
Submitted by Gregory Rigby
on