FWIW, my understanding is that the attack would require many, many thousands of attempts against an x64-based system, which is why the post talks about exploitation against x86. Typically, somebody finds a shortcut that cuts the number of requests drastically, so get it patched b4 that happens.
More specifically, the Qualys team reported that it took 3-4 hours and around 10k requests to successfully exploit the bug on x86, and that x64 would require an order of magnitude more requests. I'll say it again, Fail2ban (github.com/fail2ban/fai...) is your friend, people!
GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors (github.com)