04. July 2024 - Service Announcement

Protection against regreSSHion: external SSH connections blocked

Dear Users,

As you have probably already learnt from the media [1,2], unpatched SSH instances are currently exposed to a greatly increased risk. The vulnerability called regreSSHion allows unauthenticated attackers to execute arbitrary code over the network with system administrator rights on vulnerable computers. Our investigation has revealed that a large number of systems in the university's address range appear to be vulnerable.

For this reason, access to port 22 from outside the BelWue network is temporarily blocked.

This means that attacks, but also regular connections, from outside will no longer be possible. Please use the university VPN for external access to SSH. If you absolutely need access via SSH from outside without VPN, please contact us by e-mail.

We will inform the administrators of the affected systems separately. If you already know or suspect that your systems are using the vulnerable OpenSSH versions (see links) and are accessible from the Internet, we recommend the following measures before we re-enable the port:

  • Immediate update: Install the latest security updates for OpenSSH provided by the developers immediately.
  • Check your systems: Check your systems for signs of a possible attack. Pay particular attention to unusual activities in the logs.
  • Set up a firewall: Consider from where access to the various services must be possible and adjust the firewall rules accordingly. Ideally, the system should no longer be accessible worldwide via SSH, but only from within the university network, for example.
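For the log check, the following is an added example and not part of the original announcement. The regreSSHion race sits in sshd's handling of the login grace timeout, so repeated attempts leave many "Timeout before authentication" entries from the same source; this script counts them per address. The log line format, the threshold of 20 and the sample lines are assumptions and constructed values, so adjust them to your systems.

```python
import re
import sys
from collections import Counter

# sshd logs this when a client keeps a connection open until LoginGraceTime
# expires without authenticating (format assumed: classic syslog/auth.log).
TIMEOUT_RE = re.compile(
    r"sshd\[\d+\]: fatal: Timeout before authentication for (\S+) port \d+"
)

def timeout_counts(lines):
    """Count pre-authentication timeouts per source address."""
    counts = Counter()
    for line in lines:
        match = TIMEOUT_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def suspicious_sources(lines, threshold=20):
    """Return {address: count} for sources at or above threshold.

    The default threshold is an assumed starting point, not a fixed rule:
    a single timeout is normal noise, hundreds from one address are not.
    """
    return {ip: n for ip, n in timeout_counts(lines).items() if n >= threshold}

# Constructed sample log (documentation addresses, hypothetical host name).
SAMPLE_LOG = [
    f"Jul  3 02:{i:02d}:07 host1 sshd[{4000 + i}]: fatal: Timeout before "
    f"authentication for 203.0.113.7 port {40000 + i}"
    for i in range(25)
] + [
    "Jul  3 08:15:42 host1 sshd[5101]: fatal: Timeout before authentication for 198.51.100.23 port 51522",
    "Jul  3 08:16:10 host1 sshd[5102]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Jul  3 08:17:31 host1 sshd[5103]: Failed password for invalid user admin from 198.51.100.23 port 51530 ssh2",
]

if __name__ == "__main__":
    # Usage: python3 script.py /var/log/auth.log  (falls back to the sample)
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    hits = suspicious_sources(source)
    for ip, n in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{n:6d} pre-auth timeouts from {ip}")
```

A hit is only a reason to look closer at that host and time window; it does not by itself show a successful compromise.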

We ask for your understanding for this drastic but unavoidable measure. It was essential to prevent damage to the integrity, and thus the trustworthiness, of the vulnerable systems, as well as the dangers and expenses caused by presumably infiltrated APTs.

If you have any questions or comments, please do not hesitate to contact us by e-mail.
 

Yours sincerely
IT Security
 

[1] https://bwinfosec.de/news/cve20246387/
[2] https://www.heise.de/news/RegreSSHion-Sicherheitsluecke-in-OpenSSH-gibt-geduldigen-Angreifern-Root-Rechte-9784976.html