The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server on glibc-based Linux systems.
The CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, a signal handler race condition in OpenSSH's server, allows unauthenticated remote code execution as root on glibc-based Linux systems and presents a significant security risk.
In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.
Qualys has developed a working exploit for the regreSSHion vulnerability.
OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
This vulnerability is challenging to exploit because it is a remote race condition, requiring multiple attempts for a successful attack.
Addressing the regreSSHion vulnerability in OpenSSH, which enables remote code execution on Linux systems, demands a focused and layered security approach.
Please check the Qualys Vulnerability Knowledgebase for the full list of coverage for this vulnerability.
With the Qualys Unified Dashboard, you can track the vulnerability exposure within your organization and view your impacted hosts, their status, distribution across environments, and overall management in real time, allowing you to see your mean time to remediation.
To make it easier for customers to track and manage the regreSSHion vulnerability in their subscriptions, we have created the Manage regreSSHion dashboard, which you can download and import into your subscription.
We expect vendors to release patches for this vulnerability shortly.
Once patches are released, Qualys will find the relevant patches for this vulnerability and automatically add those patches to a patch job.
Yes, this vulnerability can be exploited remotely and allows unauthenticated remote code execution as root, posing a significant security risk.
Yes, we would encourage organizations to patch this vulnerability urgently, especially on their internet-facing assets.
The Qualys security team has taken immediate steps to protect our corporate infrastructure and products from any impact regarding the exploitation of this vulnerability.
Emergency patching procedures have been initiated to fully remediate the vulnerability.
A QID is reported as confirmed in authenticated scan results because these scans can access detailed information that verifies the vulnerability more reliably.
As the vulnerability begins to trend across various threat intelligence sources, our QDS will utilize these intelligent feeds for dynamic updates.
The update activates as soon as a vulnerability trends across various threat intelligence platforms.
This Cyber News was published on blog.qualys.com. Publication date: Mon, 01 Jul 2024 12:13:06 +0000