CyberSecurityBoard
Sponsor Register Login

Critical OpenSSH vulnerability could affect millions of servers

Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet.
In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, detailed an unauthenticated remote code execution vulnerability, tracked as CVE-2024-6387, discovered in OpenSSH's server on glibc-based Linux systems.
Qualys determined that CVE-2024-6387 is a regression of a previously patched vulnerability, tracked as CVE-2006-5051, and could allow an unauthenticated attacker to execute remote code with root privilege.
OpenSSH software tools are widely used to help encrypt and secure communications such as file transfer, which has emerged as a popular target for attackers in recent years.
The broad use of OpenSSH now poses significant concerns.
Jogi added that more than 0.14% of vulnerable instances are running an OpenSSH version that's reached end of life.
He also warned enterprises that CVE-2024-6387 affects OpenSSH versions earlier than 4.4p1 unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Patching is crucial because Qualys discovered that exploitation could lead to full system compromise and let an attacker install malware, manipulate data and create backdoors to maintain persistence access to a victim environment.
Qualys stressed that this recent flaw shows problems that can arise when regression testing is not properly performed.
CVE-2024-6387 is a regression of CVE-2006- 5051, which Jogi said typically indicates changes or updates made in subsequent software releases that inadvertently reintroduced a previously patching vulnerability.
Though the fix is part of a major update to OpenSSH, users can upgrade to the latest version released on Monday, which is 9.8p1, or apply a fix to older versions.
OpenSSH's release notes emphasized that the fixed version addressed the race condition in OpenSSH's server.
The open source project labeled the flaw as critical, though no CVSS score has been assigned as of yet.
While OpenSSH highlighted Qualys' successful exploitation on 32-bit Linux/glibc systems and applauded the vendor for the discovery, it appears other versions may be susceptible as well.
Jake Williams, an infosec professional and faculty member at IANs research, noted in a post on X, formerly Twitter, that exploitation has only been proven against x86 versions and not x64 servers.
Abbasi added that while Qualys does not have visibility into current patching rates, most distributions with OpenSSH are in the process of releasing the patch.
According to Tenable Research, OpenSSH is deployed in over 67% of organizations' environments.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.


This Cyber News was published on www.techtarget.com. Publication date: Mon, 01 Jul 2024 20:43:05 +0000


Cyber News related to Critical OpenSSH vulnerability could affect millions of servers

Critical OpenSSH vulnerability could affect millions of servers - Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet. In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, ...
4 days ago Techtarget.com
Openssh Flaw Exposes Millions of Linux to Arbitrary Code Attacks - A critical vulnerability has been discovered in OpenSSH, a widely used implementation of the SSH protocol, which could potentially expose millions of Linux systems to arbitrary code execution attacks. The flaw, identified in the sshd(8) component of ...
4 days ago Cybersecuritynews.com
Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
3 days ago Unit42.paloaltonetworks.com
Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack - Millions of OpenSSH servers could be affected by a newly disclosed vulnerability that can be exploited for unauthenticated remote code execution. The flaw, tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at ...
4 days ago Securityweek.com
Critical OpenSSH Flaw Enables Full System Compromise - Over 14 million OpenSSH instances exposed to the internet are now at risk following the discovery of a critical vulnerability in OpenSSH's server, according to a new analysis by Qualys. The remote unauthenticated code execution vulnerability could ...
4 days ago Infosecurity-magazine.com
New regreSSHion OpenSSH RCE bug gives root on Linux servers - OpenSSH is a suite of networking utilities based on the Secure Shell protocol. It is extensively used for secure remote login, remote server management and administration, and file transfers via SCP and SFTP. The flaw, discovered by researchers at ...
4 days ago Bleepingcomputer.com
Debian and Ubuntu Fixed OpenSSH Vulnerabilities - Debian and Ubuntu have released security updates for their respective OS versions, addressing five flaws discovered in the openssh package. In this article, we will delve into the intricacies of these vulnerabilities, shedding light on their nature ...
5 months ago Securityboulevard.com
A Fix is Available for a Security Flaw that Could Allow Unauthorized Access Before Authentication - The maintainers of OpenSSH have released a new version, 9.2, to fix a number of security issues, including a memory safety vulnerability in the OpenSSH server. This vulnerability, tracked as CVE-2023-25136, is a pre-authentication double free ...
1 year ago Thehackernews.com
CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client ...
2 months ago
Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
7 months ago Cysecurity.news
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
4 days ago Packetstormsecurity.com
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
4 days ago Blog.qualys.com
New HeadCrab Malware Hijacks 1,200 Redis Servers - Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed "HeadCrab", designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab ...
1 year ago Heimdalsecurity.com
400K Linux Servers Recruited by Resurrected Ebury Botnet - The Ebury botnet - which was first discovered 15 years ago - has backdoored nearly 400,000 Linux, FreeBSD, and OpenBSD servers. More than 100,000 servers were still compromised as of late 2023, according to new research from cybersecurity vendor ...
1 month ago Darkreading.com
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online - Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and ...
7 months ago Bleepingcomputer.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
5 months ago Cisa.gov
Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware - A sophisticated attack campaign codenamed RE#TURGENCE by researchers has been discovered infiltrating Microsoft SQL database servers across the United States, European Union, and Latin America, with the primary aim of deploying Mimic ransomware ...
5 months ago Darkreading.com
Over 11M SSH Servers are Vulnerable to new Terrapin Attack - Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation. This attack can also be used to redirect ...
6 months ago Cybersecuritynews.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
4 days ago Securityaffairs.com
ConnectWise urges ScreenConnect admins to patch critical RCE flaw - ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. This security bug is due to an authentication bypass weakness that attackers can exploit ...
4 months ago Bleepingcomputer.com
Hackers Compromised Over 1,200 Redis Database Servers - A new type of malware, designed to target vulnerable Redis servers on the internet, has been spreading rapidly since September 2021. This is a quick-spreading malware, designed to operate stealthily, that has already infiltrated over thousand ...
1 year ago Cybersecuritynews.com
HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero Cryptocurrency - A new stealthy malware, HeadCrab, designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021. Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, the malware has so far ensnared ...
1 year ago Bleepingcomputer.com
Botnets Exploit Realtek SDK Bug in Millions of Attacks - Ensure Your Security - A new report has highlighted how botnets are exploiting a critical bug in the Realtek SDK, allowing attackers to access and manipulate millions of devices with alarming ease. According to Radware’s research, device owners may be vulnerable to ...
1 year ago Bleepingcomputer.com
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
7 months ago Bleepingcomputer.com
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)