简单总结:
需要爆破一万次以上才能利用

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (CVE-2024-6387) - The Qualys team drops an unauthenticated remote code execution vulerability in OpenSSH, possibly the most audited software project ever. It's a race condition that takes ~10,000 attempts on x86 to exploit, so any type of fail2ban, SSHGuard, or similar protection will likely mitigate the vulnerability, but everyone should update ASAP. This one will have a long tail of exposure - SSH is everywhere. The OpenSSH project recently announced support for built in rate limiting: PerSourcePenalties and PerSourcePenaltyExemptList and the dates line up 🤔.

regreSSHion：基于 glibc 的 Linux 系统上 OpenSSH 服务器中的 RCE （CVE-2024-6387） - Qualys 团队在 OpenSSH 中丢弃了一个未经身份验证的远程代码执行漏洞，这可能是有史以来审计最多的软件项目。这是一种争用条件，需要在 x86 上尝试 ~10,000 次才能利用，因此任何类型的 fail2ban ， SSHGuard 或类似的保护都可能缓解漏洞，但每个人都应该尽快更新。这个会有一个很长的暴露尾巴 - SSH无处不在。OpenSSH项目最近宣布支持内置速率限制：PerSourcePenalty和PerSourcePenaltyExemptList，日期排列🤔。