Security News

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
2024-08-12 10:15

The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.

OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable
2024-07-11 19:13

It affects the sshd daemon versions 8.7p1 and 8.8p1, which were used in Fedora 36 and 37 as well as Red Hat Enterprise Linux 9 - and of course the various RHELatives as well. It's not long since the "RegreSSHion" OpenSSH bug, which The Register covered earlier this month and which is more formally known as CVE-2024-6387.

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
2024-07-10 03:26

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution. The vulnerability, tracked as CVE-2024-6409, is distinct from CVE-2024-6387 and relates to a case of code execution in the privsep child process due to a race condition in signal handling.

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk
2024-07-01 14:01

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

New regreSSHion OpenSSH RCE bug gives root on Linux servers
2024-07-01 13:37

A new OpenSSH unauthenticated remote code execution vulnerability dubbed "RegreSSHion" gives root privileges on glibc-based Linux systems. Exploitation of regreSSHion can have severe consequences for the targeted servers, potentially leading to complete system takeover.

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
2024-07-01 10:50

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems....

Terrapin attacks can downgrade security of OpenSSH connections
2023-12-19 17:03

This manipulation lets attackers remove or modify messages exchanged through the communication channel, which leads to downgrading the public key algorithms used for user authentication or disabling defenses against keystroke timing attacks in OpenSSH 9.5. "The Terrapin attack exploits weaknesses in the SSH transport layer protocol in combination with newer cryptographic algorithms and encryption modes introduced by OpenSSH over 10 years ago."

FreeBSD 14.0 released, OpenSSH and OpenSSL updated
2023-11-21 14:08

Please turn on your JavaScript for this page to function normally. FreeBSD provides sophisticated features in networking, performance, security, and compatibility.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
2023-07-24 09:10

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions."This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
2023-06-22 17:33

Microsoft says Internet-exposed Linux and Internet of Things devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign. After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.