New vulnerability "regreSSHion" in Dell iDRAC modules

Attention! We inform about critical security issue that may impact your server. 

 

A significant vulnerability has been found in OpenSSH, named “regreSSHion” and cataloged under CVE-2024-6387. This issue impacts various Dell server models, specifically concerning their iDRAC modules. 

 This vulnerability is categorized as Remote Code Execution (RCE), meaning it can allow unauthorized execution of code on systems running OpenSSH as root without needing login credentials. 

According to security analysts at Sekurak: 

“The vulnerability's name, 'regreSSHion,' reflects its nature as a resurgence of an old flaw, originally identified in 2006 as CVE-2006-5051. This earlier issue involved a race condition in the handling of code signals, which at the time, was identified as potentially leading to service denials or unintended code executions. It was addressed in version 4.4p1 of OpenSSH." 

However, a 2020 update (commit: 752250c) accidentally reintroduced this error in version 8.5p1 of OpenSSH. The problem occurs in the handling of signals in a critical section of the code that operates without the protection of a sandbox, leading to possible execution of code with root privileges. 

OpenSSH libraries are widely used in remote server management modules across the industry. For information on Dell servers and the affected iDRAC modules, please visit Dell’s official support page: 

https://www.dell.com/support/kbdoc/en-ca/000226708/dsn-2024-001

We recommend staying informed through regular updates from the manufacturer’s website. 

For assistance or if you have any questions about this vulnerability, please reach out to us.