Dear valued customer,
On July 1, 2024, a critical-level vulnerability was publicly reported against the popular OpenSSH server daemon. The vulnerability is formally filed as CVE-2024-6387 and has been dubbed “RegreSSHion” because it’s a regression of a vulnerability originally discovered in 2006.
We want to assure you that Cloudex is working diligently with our customers to remediate high-risk exposure to this attack. If you haven’t heard from us in private yet, that’s a good sign!
We would like to take a few moments of your time to acquaint you with the most important information about this attack. For full details, see the original report by Qualys, the research group that reported the vulnerability[1][2].
Q: How do I protect my systems?
A: Most OS vendors have already released patched versions of OpenSSH that remediate the vulnerabilities. Ubuntu[3], Debian[4], Amazon Linux[5] and Google Container Optimized OS (COS)[6] have all published patched versions of the software, and due to the severity of the attack, patches continue to be released regularly.
If a patch is not available for your OS, or you need more time to patch the underlying software, you can also reconfigure a vulnerable version of OpenSSH so that it does not expose the vulnerability: edit your SSH daemon configuration file, typically found at /etc/ssh/sshd_config, and change the value of LoginGraceTime to 0. The SSH daemon must be restarted for this change to take effect.
NOTE: These mitigation instructions introduce a lower-severity vector for a denial-of-service (DoS) attack. While this is preferable to the RegreSSHion attack, it should be used as a temporary solution where possible, and affected systems should be patched as soon as the OS or software vendor releases a fix.
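The configuration change described above, as an added example (not Cloudex's or OpenSSH's own tooling): a script that reports the LoginGraceTime value a given sshd_config would yield and prepends the mitigation if needed. The function names are hypothetical, and the script assumes the setting lives in the main file rather than in an included drop-in.

```shell
#!/bin/sh
# Audit and apply the LoginGraceTime 0 mitigation on one sshd_config file.
# Limitation: Include directives are not followed. On the host, confirm with
# `sshd -T | grep -i logingracetime` (as root), then restart the SSH daemon.

# Print the global LoginGraceTime sshd would take from file $1.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive and may be written "Key value" or "Key=value".
effective_login_grace_time() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }     # drop comments, accept Key=value
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "logingracetime" { print $2; found = 1; exit }
        END { if (!found) print "120" }         # OpenSSH default, in seconds
    ' "$1"
}

# Put "LoginGraceTime 0" on the first line of file $1 so that it is read
# before any existing setting. Does nothing if 0 is already in effect.
apply_mitigation() {
    [ "$(effective_login_grace_time "$1")" = "0" ] && return 0
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its owner and mode.
    if { echo "LoginGraceTime 0"; cat "$1"; } > "$tmp" && cat "$tmp" > "$1"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample, not a real host configuration.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Port 22' 'logingracetime=2m' \
        'Match User backup' '    X11Forwarding no' > "$f"
    before=$(effective_login_grace_time "$f")
    apply_mitigation "$f"
    after=$(effective_login_grace_time "$f")
    rm -f "$f"
    echo "$before -> $after"
}
demo
```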
Q: How dangerous is it?
A: Potentially, very dangerous. Because the attack uses the pre-authentication phase of the SSH session, any system with an exposed vulnerable SSH daemon can be targeted. A successful attack will allow root access to the system.
However, despite the public availability of PoC attack code, two days after the announcement successful attacks are not yet widely known, indicating that real-world attacks are likely more difficult than under lab conditions, at least thus far.
Q: I have more questions. I want help!
A: We have you covered! Please reply to this email or reach out to info@cloudex.co.il and one of our specialists will get back to you as soon as possible.
Q: Am I affected?
A: See the first comment.