Warning that the vulnerability allows unauthenticated remote code execution as root.
A Remote Unauthenticated Code Execution vulnerability has been discovered in the OpenSSH’s server.
According to the detection by Qualys Threat Research Unit, the vulnerability allows unauthenticated remote code execution as root on glibc-based Linux systems, and based on Censys and Shodan searches, over 14 million potentially vulnerable OpenSSH server instances have been identified as being exposed to the Internet.
Also, anonymized data from Qualys found that approximately 700,000 external internet-facing instances are vulnerable - accounting for 31% of all internet-facing instances with OpenSSH in its global customer base.
This vulnerability has been identified as CVE-2024-6387, and is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. Bharat Jogi, senior director of the Qualys Threat Research Unit, said a regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue.
“This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment,” he said. “This regression was introduced in October 2020 (OpenSSH 8.5p1).”
OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Qualys warned that if exploited, this vulnerability could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access.
Exploit could also facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
