Over 14 million OpenSSH instances exposed to the internet are now at risk following the discovery of a critical vulnerability in OpenSSH's server, according to a new analysis by Qualys.
The remote unauthenticated code execution vulnerability could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges.
The researchers also warned that gaining root access via this CVE would allow threat actors to further obscure their activities by bypassing critical security mechanisms such as firewalls, intrusion detection systems and logging mechanisms.
The vulnerability, dubbed regreSSHion, has been rated severe and critical, especially for enterprises that rely heavily on OpenSSH for remote server management.
OpenSSH is a connectivity tool for remote sign-in that uses the Secure Shell protocol, which is used to enable secure communication over unsecured networks.
The tool supports various encryption technologies and is standard on multiple Unix-like systems, including macOS and Linux.
This particular vulnerability impacts glibc-based Linux systems.
OpenBSD systems are unaffected by the vulnerability due to a secure mechanism developed by OpenBSD in 2001.
Qualys said it has identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet, based on searches using Censys and Shodan.
Approximately 700,000 external internet-facing instances are vulnerable across Qualys' global customer base.
The RCE is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.
A regression can occur when a previously fixed flaw reappears in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue.
The researchers noted that the vulnerability is challenging to exploit due to its remote race condition nature requiring multiple attempts for a successful attack.
This can cause memory corruption and necessitates overcoming Address Space Layout Randomization.
OpenSSH versions earlier than 4.4p1 are vulnerable to compromise due to this flaw, unless they are patched for CVE-2006-5051 and CVE-2008-4109.
The vulnerability also resurfaces in v8.5p1 up to, but not including, 9.8p1, due to the accidental removal of a critical component in a function.
Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 01 Jul 2024 13:00:06 +0000