It is being reported that a new OpenSSH vulnerability which is currently being tracked as CVE-2024-6387 could impact 14 million internet-facing OpenSSH instances:
The Qualys Threat Research Unit (TRU) discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. This bug marks the first OpenSSH vulnerability in nearly two decades—an unauthenticated RCE that grants full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk.
In Qualys TRU’s analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).
Rogier Fischer, CEO and Co-Founder at Hadrian Security noted the following:
“While there is currently no proof of concept demonstrating this vulnerability, and it has only been shown to be exploitable under controlled lab conditions, it is plausible that a public exploit for this vulnerability could emerge in the near future. Hence it’s strongly advised to patch this vulnerability before this becomes the case”.
This is correct. Now that this is out there, it’s time to patch all the things. Hadrian has a blog post that goes down the rabbit hole on this vulnerability including mitigation steps.
Related
This entry was posted on July 2, 2024 at 8:03 am and is filed under Commentary with tags Qualys. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
A New OpenSSH Vulnerability Is Going To Be A Big Deal As It Affects A Whole Lot Of Things
It is being reported that a new OpenSSH vulnerability which is currently being tracked as CVE-2024-6387 could impact 14 million internet-facing OpenSSH instances:
The Qualys Threat Research Unit (TRU) discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. This bug marks the first OpenSSH vulnerability in nearly two decades—an unauthenticated RCE that grants full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk.
In Qualys TRU’s analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).
Rogier Fischer, CEO and Co-Founder at Hadrian Security noted the following:
“While there is currently no proof of concept demonstrating this vulnerability, and it has only been shown to be exploitable under controlled lab conditions, it is plausible that a public exploit for this vulnerability could emerge in the near future. Hence it’s strongly advised to patch this vulnerability before this becomes the case”.
This is correct. Now that this is out there, it’s time to patch all the things. Hadrian has a blog post that goes down the rabbit hole on this vulnerability including mitigation steps.
Share this:
Like this:
Related
This entry was posted on July 2, 2024 at 8:03 am and is filed under Commentary with tags Qualys. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.