CVE-2024-6387 (regreSSHion) is a race condition in OpenSSH's signal handler enabling unauthenticated root RCE on glibc Linux. Upgrade to OpenSSH 9.8p1 immediately. As an interim measure, set LoginGraceTime=0 in sshd_config, though this may create a denial-of-service risk. Over 14 million servers are potentially exposed.
regreSSHion: OpenSSH Remote Code Execution vulnerability in glibc-based Linux systems. Unauthenticated RCE as root.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →