CyberSecurityBoard
Sponsor Register Login

Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack

Millions of OpenSSH servers could be affected by a newly disclosed vulnerability that can be exploited for unauthenticated remote code execution.
The flaw, tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at cybersecurity firm Qualys.
It has been described as critical and as serious as the Log4Shell vulnerability of 2021.
The company's researchers found that the OpenSSH server process 'sshd' is affected by a signal handler race condition allowing unauthenticated remote code execution with root privileges on glibc-based Linux systems.
It's unclear if exploitation on Windows and macOS systems is possible.
Exploitation of the regreSSHion vulnerability can lead to a complete system takeover, enabling the installation of malware and creation of backdoors.
OpenSSH, designed to provide a secure channel over an unsecured network in a client-server architecture, is widely used by enterprises for remote server management and secure data communications.
According to Qualys, searches conducted using the Shodan and Censys services show more than 14 million potentially vulnerable OpenSSH instances that are directly accessible from the internet.
Qualys' own customer data shows roughly 700,000 internet-exposed systems that appear to be vulnerable.
The security firm says CVE-2024-6387 is a regression of a previously patched vulnerability tracked as CVE-2006-5051.
Specifically, the flaw was reintroduced in October 2020 with the release of OpenSSH 8.5p1. Qualys noted that OpenBSD systems are not affected due to a mechanism introduced in 2001.
The vulnerability was recently removed by accident with the release of version 9.8p1. Organizations that cannot immediately upgrade can apply patches that will be released shortly by vendors.
Qualys has shared technical details for regreSSHion, but is not sharing proof-of-concept code to prevent malicious exploitation.
The company has instead provided some indicators of compromise to help organizations detect potential attacks.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 01 Jul 2024 12:43:04 +0000


Cyber News related to Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack

New regreSSHion OpenSSH RCE bug gives root on Linux servers - OpenSSH is a suite of networking utilities based on the Secure Shell protocol. It is extensively used for secure remote login, remote server management and administration, and file transfers via SCP and SFTP. The flaw, discovered by researchers at ...
5 months ago Bleepingcomputer.com
Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack - Millions of OpenSSH servers could be affected by a newly disclosed vulnerability that can be exploited for unauthenticated remote code execution. The flaw, tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at ...
5 months ago Securityweek.com
Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
5 months ago Unit42.paloaltonetworks.com
Critical OpenSSH vulnerability could affect millions of servers - Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet. In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, ...
5 months ago Techtarget.com
Openssh Flaw Exposes Millions of Linux to Arbitrary Code Attacks - A critical vulnerability has been discovered in OpenSSH, a widely used implementation of the SSH protocol, which could potentially expose millions of Linux systems to arbitrary code execution attacks. The flaw, identified in the sshd(8) component of ...
5 months ago Cybersecuritynews.com
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
5 months ago Blog.qualys.com
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
5 months ago Packetstormsecurity.com
Critical OpenSSH Flaw Enables Full System Compromise - Over 14 million OpenSSH instances exposed to the internet are now at risk following the discovery of a critical vulnerability in OpenSSH's server, according to a new analysis by Qualys. The remote unauthenticated code execution vulnerability could ...
5 months ago Infosecurity-magazine.com
Debian and Ubuntu Fixed OpenSSH Vulnerabilities - Debian and Ubuntu have released security updates for their respective OS versions, addressing five flaws discovered in the openssh package. In this article, we will delve into the intricacies of these vulnerabilities, shedding light on their nature ...
11 months ago Securityboulevard.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
'RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems - An unauthenticated remote code execution vulnerability in the OpenSSH secure communications suite opens millions of Linux-based systems to takeover as root. It affects glibc-based Linux systems running sshd in its default configuration; it may also ...
5 months ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Over 11M SSH Servers are Vulnerable to new Terrapin Attack - Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation. This attack can also be used to redirect ...
11 months ago Cybersecuritynews.com
CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client ...
2 weeks ago
SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH. - Qualys published a blog posts with details regarding a critical remote code execution vulnerability. The CVEs associated with this vulnerability are CVE-2006-5051 and CVE-2024-6387, The reason for the two CVE numbers and the use of the old 2006 CVE ...
5 months ago Isc.sans.edu
A Fix is Available for a Security Flaw that Could Allow Unauthorized Access Before Authentication - The maintainers of OpenSSH have released a new version, 9.2, to fix a number of security issues, including a memory safety vulnerability in the OpenSSH server. This vulnerability, tracked as CVE-2023-25136, is a pre-authentication double free ...
1 year ago Thehackernews.com
Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
1 year ago Cysecurity.news
Nearly 11 million SSH servers vulnerable to new Terrapin attacks - Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic ...
11 months ago Bleepingcomputer.com
New HeadCrab Malware Hijacks 1,200 Redis Servers - Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed "HeadCrab", designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab ...
1 year ago Heimdalsecurity.com
RegreSSHion: Critical Vulnerability in OpenSSH Exposes Millions of Servers - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Hackread.com
400K Linux Servers Recruited by Resurrected Ebury Botnet - The Ebury botnet - which was first discovered 15 years ago - has backdoored nearly 400,000 Linux, FreeBSD, and OpenBSD servers. More than 100,000 servers were still compromised as of late 2023, according to new research from cybersecurity vendor ...
7 months ago Darkreading.com
Hackers Compromised Over 1,200 Redis Database Servers - A new type of malware, designed to target vulnerable Redis servers on the internet, has been spreading rapidly since September 2021. This is a quick-spreading malware, designed to operate stealthily, that has already infiltrated over thousand ...
1 year ago Cybersecuritynews.com
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online - Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and ...
1 year ago Bleepingcomputer.com
Terrapin attacks can downgrade security of OpenSSH connections - Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used. This manipulation lets attackers remove ...
1 year ago Bleepingcomputer.com
HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero Cryptocurrency - A new stealthy malware, HeadCrab, designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021. Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, the malware has so far ensnared ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)