OpenSSH Vulnerability Could Affect 14 Million

Warning that the vulnerability allows unauthenticated remote code execution as root.

A remote unauthenticated code execution vulnerability has been discovered in the OpenSSH server.

According to the Qualys Threat Research Unit, which discovered it, the vulnerability allows unauthenticated remote code execution as root on glibc-based Linux systems, and Censys and Shodan searches have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet.

Anonymized data from Qualys also found that approximately 700,000 external internet-facing instances are vulnerable, accounting for 31% of all internet-facing instances with OpenSSH in its global customer base.

Previously Patched Vulnerability

This vulnerability has been identified as CVE-2024-6387, and is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. Bharat Jogi, senior director of the Qualys Threat Research Unit, said a regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue.

“This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment,” he said. “This regression was introduced in October 2020 (OpenSSH 8.5p1).”

OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
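As an added defender-side example (not from the article, Qualys or the OpenSSH project), the following Python triages SSH server banners against the version boundaries stated above: the CVE-2006-5051 fix in 4.4p1 and the regression introduced in 8.5p1. The banners are constructed, and because the article names no fixed release and distributions backport fixes without changing the version string, anything from 8.5p1 on is flagged for patch verification rather than declared vulnerable.

```python
import re
from collections import Counter

# Boundaries taken from the article: CVE-2006-5051 was fixed in 4.4p1 and the
# regression (CVE-2024-6387) was introduced in 8.5p1. No upper bound is set here
# because the article does not name the fixed release.
FIX_2006 = (4, 4, 1)
REGRESSION_START = (8, 5, 1)

_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Constructed sample banners, as a scanner or `nc host 22` would record them.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3",
    "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-OpenSSH_8.5",          # OpenBSD-native build, no 'pN' suffix
    "SSH-2.0-dropbear_2022.83",     # not OpenSSH at all
]


def parse_openssh_version(banner: str):
    """Return (major, minor, portable) from a banner, or None if not OpenSSH.

    OpenBSD-native builds carry no 'pN' suffix; they are treated as p1 so that
    '8.5' and '8.5p1' compare equal (same upstream code)."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, p = m.groups()
    return (int(major), int(minor), int(p) if p else 1)


def classify(banner: str) -> str:
    """Map a banner onto the ranges the article describes."""
    v = parse_openssh_version(banner)
    if v is None:
        return "not-openssh"
    if v < FIX_2006:
        # Vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109.
        return "pre-4.4p1"
    if v < REGRESSION_START:
        return "unaffected-range"
    # In the regression range: a banner cannot prove a backported fix is absent,
    # so confirm the vendor's patch status (e.g. package changelog) per host.
    return "regression-range"


def triage(banners) -> Counter:
    """Count banners per classification for a quick fleet overview."""
    return Counter(classify(b) for b in banners)
```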

Qualys warned that if exploited, this vulnerability could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access.

Exploitation could also facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
