Critical OpenSSH vulnerability could affect millions of servers

Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet.
In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, detailed an unauthenticated remote code execution vulnerability, tracked as CVE-2024-6387, discovered in OpenSSH's server on glibc-based Linux systems.
Qualys determined that CVE-2024-6387 is a regression of a previously patched vulnerability, tracked as CVE-2006-5051, and could allow an unauthenticated attacker to execute remote code with root privilege.
OpenSSH software tools are widely used to help encrypt and secure communications such as file transfer, which has emerged as a popular target for attackers in recent years.
The broad use of OpenSSH now poses significant concerns.
Jogi added that more than 0.14% of vulnerable instances are running an OpenSSH version that's reached end of life.
He also warned enterprises that CVE-2024-6387 affects OpenSSH versions earlier than 4.4p1 unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Patching is crucial because Qualys discovered that exploitation could lead to full system compromise and let an attacker install malware, manipulate data and create backdoors to maintain persistent access to a victim environment.
Qualys stressed that this recent flaw shows problems that can arise when regression testing is not properly performed.
CVE-2024-6387 is a regression of CVE-2006-5051, which Jogi said typically indicates that changes or updates made in subsequent software releases inadvertently reintroduced a previously patched vulnerability.
Though the fix is part of a major update to OpenSSH, users can upgrade to the latest version released on Monday, which is 9.8p1, or apply a fix to older versions.
OpenSSH's release notes emphasized that the fixed version addressed the race condition in OpenSSH's server.
The open source project labeled the flaw as critical, though no CVSS score has been assigned yet.
While OpenSSH highlighted Qualys' successful exploitation on 32-bit Linux/glibc systems and applauded the vendor for the discovery, it appears other versions may be susceptible as well.
Jake Williams, an infosec professional and faculty member at IANS Research, noted in a post on X, formerly Twitter, that exploitation has only been proven against x86 versions and not x64 servers.
Abbasi added that while Qualys does not have visibility into current patching rates, most distributions with OpenSSH are in the process of releasing the patch.
According to Tenable Research, OpenSSH is deployed in over 67% of organizations' environments.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.


This Cyber News was published on www.techtarget.com. Publication date: Mon, 01 Jul 2024 20:43:05 +0000

