An unauthenticated remote code execution vulnerability in the OpenSSH secure communications suite opens millions of Linux-based systems to takeover as root.
It affects glibc-based Linux systems running sshd in its default configuration; it may also exist in Mac and Windows environments.
According to the Qualys researchers behind the discovery, there are more than 14 million potentially vulnerable OpenSSH server instances exposed to the Internet.
That means different patching schemes are available for different versions.
The vulnerability is challenging to exploit, according to researchers, but also is not easy to fully remediate, demanding a focused and layered security approach.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 01 Jul 2024 19:40:07 +0000