The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory regarding a critical vulnerability in OpenSSH’s server component on Linux systems.
The flaw, known as CVE-2024-6387, or “regreSSHion”, enables unauthenticated remote code execution (RCE) with root privileges, posing a significant threat of complete system compromise.
The vulnerability is associated with OpenSSH’s integration with glibc, which elevates the likelihood of exploitation. It impacts OpenSSH versions 8.5p1 through 9.7p1. To address it, the OpenSSH maintainers have released security updates.
The PTA classified the vulnerability as high severity and urged immediate action. OpenSSH users are strongly advised to upgrade to the recent release (9.8p1), which is available from the official OpenSSH website.
The advisory also recommends restricting SSH access, implementing network segmentation, and keeping all systems consistently updated with the most recent security updates to prevent exploitation.
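As an added illustration (not part of the PTA advisory or of OpenSSH), the following Python sketch classifies SSH banners or `ssh -V` output against the version range quoted above. The host names and banner strings are constructed samples, and the status labels are hypothetical names chosen for this example.

```python
import re

# Range as stated in the advisory text: 8.5p1 through 9.7p1 affected, 9.8p1 fixed.
AFFECTED_FIRST = (8, 5, 1)
AFFECTED_LAST = (9, 7, 1)

# Matches portable OpenSSH versions such as 9.6p1 or 6.6.1p1 in a banner or `ssh -V` line.
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?p(\d+)")


def parse_version(text):
    """Return (major, minor, portable_patch), or None if no portable OpenSSH version is found."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Compare one version string against the range the advisory lists."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    if AFFECTED_FIRST <= version <= AFFECTED_LAST:
        # Distribution packages can carry a backported fix under an unchanged
        # upstream version, so confirm against the vendor's security notice.
        return "in-affected-range"
    if version > AFFECTED_LAST:
        return "fixed-upstream"
    return "below-listed-range"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "bastion-01": "SSH-2.0-OpenSSH_9.6p1 Distro-3build1",
    "build-02": "SSH-2.0-OpenSSH_9.8p1",
    "legacy-03": "SSH-2.0-OpenSSH_8.4p1 Distro-5",
    "appliance-04": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A result of `in-affected-range` is a prompt to check the installed package against the distribution's own security notice, since the upstream version string alone does not show whether a vendor fix has been applied.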
The advisory also gave guidance on how to report incidents associated with this vulnerability. Users who encounter security vulnerabilities are advised to report them promptly through the PTA CERT Portal or the authority’s official email channels. The objective of these measures is to improve overall cybersecurity resilience and reduce the risk associated with the regreSSHion vulnerability.