
OpenSSH Vulnerability Could Affect 14 Million

Warning that the vulnerability allows unauthenticated remote code execution as root.

A remote unauthenticated code execution vulnerability has been discovered in OpenSSH's server.

According to the Qualys Threat Research Unit, which detected the flaw, the vulnerability allows unauthenticated remote code execution as root on glibc-based Linux systems. Based on Censys and Shodan searches, over 14 million potentially vulnerable OpenSSH server instances have been identified as being exposed to the Internet.

Also, anonymized data from Qualys found that approximately 700,000 external internet-facing instances are vulnerable - accounting for 31% of all internet-facing instances with OpenSSH in its global customer base.

Previously Patched Vulnerability

This vulnerability has been identified as CVE-2024-6387, and is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. Bharat Jogi, senior director of the Qualys Threat Research Unit, said a regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue.

“This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment,” he said. “This regression was introduced in October 2020 (OpenSSH 8.5p1).”

OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
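The version boundaries above can be turned into a first-pass triage of collected SSH banners. The following is an added example, not code from Qualys or the OpenSSH project; the function names, status labels and sample inventory are constructed, and `first_fixed` is a caller-supplied assumption because the article does not name the fixed release.

```python
import re

# Boundaries taken from the article: releases earlier than 4.4p1 carry the
# original race (CVE-2006-5051); 8.5p1 reintroduced it (CVE-2024-6387).
ORIGINAL_FIXED_IN = (4, 4)
REGRESSION_FROM = (8, 5)

# Matches the identification string an SSH server sends on connect,
# e.g. "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1".
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor) from an OpenSSH banner, or None if unrecognized."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(banner, first_fixed=None):
    """Classify a banner by upstream version only.

    first_fixed is an assumption supplied by the caller: the (major, minor)
    of the first release carrying the fix, taken from the vendor advisory.
    Without it, every release from 8.5 onward is flagged. Distributions
    backport fixes without changing the upstream version string, so the
    result is a triage hint, not proof of exposure.
    """
    version = parse_version(banner)
    if version is None:
        return "unrecognized"
    if version < ORIGINAL_FIXED_IN:
        # Vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109.
        return "check-2006-patches"
    if version < REGRESSION_FROM:
        return "outside-regression"
    if first_fixed is not None and version >= first_fixed:
        return "at-or-after-fix"
    return "regression-range"

# Constructed sample inventory (hostnames and banners are made up).
INVENTORY = {
    "db-legacy": "SSH-2.0-OpenSSH_4.3",
    "build-01": "SSH-2.0-OpenSSH_7.4",
    "web-02": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "router-03": "SSH-2.0-dropbear_2020.81",
}

def report(inventory, first_fixed=None):
    """Map each host to its triage status."""
    return {host: triage(b, first_fixed) for host, b in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts flagged `regression-range` or `check-2006-patches` still need the installed package version compared against the distribution's advisory before they are counted as exposed.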

Qualys warned that if exploited, this vulnerability could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access.

Exploitation could also facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

