Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet.
In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, detailed an unauthenticated remote code execution vulnerability, tracked as CVE-2024-6387, discovered in OpenSSH's server on glibc-based Linux systems.
Qualys determined that CVE-2024-6387 is a regression of a previously patched vulnerability, tracked as CVE-2006-5051, and could allow an unauthenticated attacker to execute remote code with root privilege.
OpenSSH software tools are widely used to help encrypt and secure communications such as file transfer, which has emerged as a popular target for attackers in recent years.
The broad use of OpenSSH now poses significant concerns.
Jogi added that more than 0.14% of vulnerable instances are running an OpenSSH version that's reached end of life.
He also warned enterprises that CVE-2024-6387 affects OpenSSH versions earlier than 4.4p1 unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Patching is crucial because Qualys discovered that exploitation could lead to full system compromise and let an attacker install malware, manipulate data and create backdoors to maintain persistent access to a victim environment.
Qualys stressed that this recent flaw shows problems that can arise when regression testing is not properly performed.
CVE-2024-6387 is a regression of CVE-2006-5051, which Jogi said typically indicates that changes or updates made in subsequent software releases inadvertently reintroduced a previously patched vulnerability.
Though the fix is part of a major update to OpenSSH, users can upgrade to the latest version released on Monday, which is 9.8p1, or apply a fix to older versions.
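The article gives two version boundaries that matter for an inventory pass: releases earlier than 4.4p1 are affected unless CVE-2006-5051 and CVE-2008-4109 were backported, and 9.8p1 is the release that carries the fix. The following Python script is an added example, not code from the article, Qualys or the OpenSSH project; it parses SSH identification banners (the constructed sample strings below are assumptions, not real hosts) and buckets each one against those two boundaries. Because the article names only the fixed release and not the exact range in which the bug was reintroduced, and because distributions routinely backport fixes without changing the version string, everything between 4.4p1 and 9.8p1 is flagged for review against the distribution's advisory rather than declared safe or vulnerable.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Boundaries taken from the article: pre-4.4p1 builds are affected unless the
# old fixes were backported; 9.8p1 is the release that fixes CVE-2024-6387.
OLD_AFFECTED_BEFORE = (4, 4, 1)
FIXED_IN = (9, 8, 1)

# Matches "OpenSSH_9.8p1", "OpenSSH_7.4" (no portable suffix) and similar.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable) from an SSH identification string,
    or None when the banner does not advertise OpenSSH at all."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable or 0))


def classify(banner: str) -> str:
    """Bucket one banner against the version boundaries named in the article.

    The banner alone cannot show whether a distribution backported a fix, so
    the middle bucket is a 'check the advisory' result, not a verdict."""
    version = parse_openssh_version(banner)
    if version is None:
        return "not-openssh"
    if version < OLD_AFFECTED_BEFORE:
        return "affected-unless-backported"
    if version >= FIXED_IN:
        return "fixed"
    return "review-distro-advisory"


def triage(records: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group host names by classification for a list of (host, banner) pairs."""
    groups: Dict[str, List[str]] = {}
    for host, banner in records:
        groups.setdefault(classify(banner), []).append(host)
    return groups


def summarize(records: List[Tuple[str, str]]) -> Counter:
    """Count hosts per bucket; handy for a quick fleet-wide picture."""
    return Counter(classify(banner) for _host, banner in records)


# Constructed sample inventory (hypothetical hosts and banners, not real data).
SAMPLE_INVENTORY = [
    ("bastion-01", "SSH-2.0-OpenSSH_9.8p1"),
    ("build-07", "SSH-2.0-OpenSSH_9.7p1 Debian-7"),
    ("legacy-db", "SSH-2.0-OpenSSH_4.3p2"),
    ("appliance-3", "SSH-2.0-dropbear_2022.83"),
    ("bsd-gw", "SSH-2.0-OpenSSH_7.4"),
]

if __name__ == "__main__":
    for bucket, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{bucket}: {', '.join(hosts)}")
```

Feeding real banners into `triage` is a matter of collecting the first line each server sends on connect (any inventory or scanning tool that records service banners will already have it); the point of the script is the bucketing logic, which deliberately refuses to call a backport-capable version "safe" from the banner alone.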
OpenSSH's release notes emphasized that the fixed version addressed the race condition in OpenSSH's server.
The open source project labeled the flaw as critical, though no CVSS score has been assigned as of yet.
While OpenSSH highlighted Qualys' successful exploitation on 32-bit Linux/glibc systems and applauded the vendor for the discovery, it appears other versions may be susceptible as well.
Jake Williams, an infosec professional and faculty member at IANS Research, noted in a post on X, formerly Twitter, that exploitation has only been proven against x86 versions and not x64 servers.
Abbasi added that while Qualys does not have visibility into current patching rates, most distributions with OpenSSH are in the process of releasing the patch.
According to Tenable Research, OpenSSH is deployed in over 67% of organizations' environments.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.
Published on www.techtarget.com, Mon, 01 Jul 2024 20:43:05 +0000.