OpenSSH Server RCE Vulnerability

Security researchers have uncovered a significant remote code execution flaw in Open Secure Shell (OpenSSH) servers.

Over 14 million instances of potentially susceptible OpenSSH were thought to be exposed to the internet.

Millions of OpenSSH servers are susceptible to a critical vulnerability that allows remote code execution operations, bypassing authentication safeguards. A security research team at Qualys found the bug, known as regreSSHion (CVE-2024-6387). The bug primarily affects Glibc-based Linux systems. So far, whether the flaw impacts Windows or Mac systems is unclear.

According to the research team, a signal handler race condition allows unauthenticated remote code execution with root privileges on glibc-based Linux systems, affecting OpenSSH servers’ ‘sshd’ process. This, in turn, can result in a complete system takeover, allowing easy creation of backdoors or installation of malware threats. The new flaw is considered as severe as the Log4Shell vulnerability of 2021.

See More: Skybox Security Report Reveals Key Vulnerability Trends Over Past Year

OpenSSH is used extensively for data communication and remote server management to secure channels in a client-server architecture on an unsecured network. The bug is a regression of CVE-2006-5051, which was introduced with the release of the 8.5p1 version of OpenSSH and removed later with the 9.8p1 version.

According to the Qualys team, over 14 million potentially vulnerable OpenSSH instances were found, with over 700,000 cases in its customers’ systems. While the security firm shared technical details about the bug, it has not shared the proof of concept code to minimize the risk of malicious exploitation. Users have been recommended to update their systems or download patches from an official source. Users are encouraged to enforce network segmentation to minimize lateral movement and limit SSH access via network-based controls.