Security Engineering Blog

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

2024-07-10 03:26:00 UTC

A new vulnerability has been found in select versions of OpenSSH that could allow remote code execution. Tracked as CVE-2024-6409 with a CVSS score of 7.0, this flaw is separate from the previously discovered RegreSSHion (CVE-2024-6387). The vulnerability exists in OpenSSH 8.7p1 and is caused by a race condition in signal handling that can lead to code execution in the privsep child process. Users are advised to update to the latest version to mitigate the risk.
