July, 2024, a security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). The exploit is explained as follows:

A critical signal handler race condition vulnerability has been introduced in OpenSSH servers (sshd) on glibc-based Linux systems. This vulnerability, called RegreSSHion and identified by code CVE-2024-6387, can result in unauthenticated remote code execution (RCE) with root privileges. This vulnerability has been rated High severity (CVSS 8.1).

This vulnerability can be exploited remotely on glibc-based Linux systems due to syslog() calling async-signal-unsafe functions like malloc() and free(), leading to unauthenticated remote code execution as root.

This occurs because sshd’s privileged code is not isolated and runs with full privileges. OpenBSD is not vulnerable because its signal alarm (SIGALRM) handler uses syslog_r(), an async-signal-safe version of syslog().

This vulnerability impacts the following OpenSSH server versions:

Vulnerable in Open SSH Server version 9.2p1-2+deb12u2 (SKUDONET 10.0.0)
Fixed in Open SSH Server version 9.2p1-2+deb12u3 (SKUDONET 10.0.1)

SKUDONET customers receive protections and mitigations for CVE-2024-6387 through our packages update channel (included in any support level), all the SKUDONET appliances are connected to our package repository system and the SKUDONET Operating System checks daily if some packages are pending of update.

This vulnerability is fixed in SKUDONET 10.0.1, package openssh 1:9.2p1-2+deb12u3, SKUDONET 6 is not affected by this vulnerability

SKUDONET recommends updating SKUDONET Operating Systems frequently to avoid vulnerabilities exploitation.

Refer to our timeline to check CVE resolutions

Was this article helpful?

Need Support?

Can't find the answer you're looking for?
Contact Support

Download Skudonet ADC Load Balancer
Community Edition

Source Code

A versatile and installable ADC system designed for diverse vendor hardware.


Installable ISO 

Load Balancing as a Service alongside an ADC orchestration toolkit.

Download Community Edition

Download Community Edition

“We manage the information you provide with the sole aim of assisting with your requests or queries in regards to our products or services; applying the computer and security procedures to ensure its protection. Your data can be rectified or removed upon request but won’t be offered to any third parties, unless we are legally required to do so.” Responsible: SKUDONET SL -