OpenSSH maintainers have released urgent security updates (OpenSSH 9.8/9.8p1) to fix a critical flaw. The flaw could allow unauthenticated remote code execution with root privileges on glibc-based Linux systems. The vulnerability, tracked as CVE-2024-6387 and dubbed "regreSSHion" by its discoverers at Qualys, resides in the OpenSSH server component, sshd.
14 million exposed servers may carry the OpenSSH flaw
Bharat Jogi, senior director at Qualys, disclosed the flaw today. “This race condition affects sshd in its default configuration,” he stated. Qualys identified no fewer than 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. The issue is a regression of an 18-year-old flaw, CVE-2006-5051, that was reintroduced in OpenSSH 8.5p1 (released in October 2020).
Qualys demonstrated successful exploitation on 32-bit Linux/glibc systems with address space layout randomization (ASLR) enabled. Winning the race takes roughly 10,000 attempts on average, which under lab conditions translates to 6-8 hours of continuous connections before a remote root shell is obtained; exploitation of 64-bit systems is believed possible but has not been demonstrated. Affected versions are 8.5p1 up to and including 9.7p1, plus releases older than 4.4p1 that were never patched for CVE-2006-5051 and CVE-2008-4109. Versions 4.4p1 through 8.4p1 are not affected, and the fix ships in 9.8p1.
OpenBSD is unaffected because its SIGALRM handler calls syslog_r(), an async-signal-safe variant of syslog() that OpenBSD has had since 2001. On other platforms, Qualys found that if a client does not authenticate within LoginGraceTime (120 seconds by default), sshd's SIGALRM handler runs asynchronously and calls functions such as syslog() that are not async-signal-safe; glibc's syslog() in turn calls malloc() and free(), so a signal that lands in the middle of a heap operation corrupts the heap. Because the handler runs in sshd's unsandboxed, root-privileged pre-authentication code, winning the race yields arbitrary code execution as root and therefore full system compromise.
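To make the mechanism concrete, here is an added illustration of the two handler patterns in C. It is not sshd's code and not the upstream 9.8p1 patch: grace_alarm_handler_unsafe mirrors the affected pattern (logging from inside the signal handler), and run_grace_period shows the async-signal-safe alternative, where the handler only sets a sig_atomic_t flag and the ordinary control flow does the logging. The function names, the one-second grace period and the `authenticated` flag are illustrative assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Added example, not sshd's code: the pattern behind CVE-2024-6387 next
 * to the async-signal-safe pattern. Names are illustrative. */

/* Affected pattern (sshd 8.5p1 to 9.7p1, simplified): the SIGALRM handler
 * logs and exits. syslog() is not async-signal-safe; on glibc it calls
 * malloc()/free(), so if the alarm interrupts the main code inside a heap
 * operation the heap is corrupted. Shown for comparison only; not used. */
void grace_alarm_handler_unsafe(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Timeout before authentication");  /* unsafe here */
    _exit(1);
}

/* Safe pattern: the handler only records the event. */
static volatile sig_atomic_t login_timed_out = 0;

static void grace_alarm_handler_safe(int sig)
{
    (void)sig;
    login_timed_out = 1;   /* sig_atomic_t store is async-signal-safe */
}

/* Waits up to `seconds` for *authenticated to become non-zero.
 * Returns 1 if the grace period elapsed first, 0 otherwise.
 * `seconds` must be non-zero (0 would never arm the timer). */
int run_grace_period(unsigned seconds, volatile sig_atomic_t *authenticated)
{
    struct sigaction sa;
    sigset_t block, old;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_handler_safe;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    sigaction(SIGALRM, &sa, NULL);

    /* Block SIGALRM while testing the flag, then wait with sigsuspend(),
     * which unblocks it atomically: no lost-wakeup window between the
     * check and the wait. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);

    login_timed_out = 0;
    alarm(seconds);
    while (!login_timed_out && !*authenticated)
        sigsuspend(&old);            /* authentication would happen here */
    alarm(0);
    sigprocmask(SIG_SETMASK, &old, NULL);

    if (login_timed_out) {
        /* Logging from ordinary context, where malloc()/free() are fine. */
        fprintf(stderr, "Timeout before authentication\n");
        return 1;
    }
    return 0;
}

int main(void)
{
    volatile sig_atomic_t authenticated = 0;   /* constructed: never set */
    return run_grace_period(1, &authenticated) == 1 ? 0 : 1;
}
```

The point of the safe variant is not that it avoids signals, but that nothing touching the heap or locks runs in signal context; the decision to log and exit is taken afterwards in normal control flow.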
Jogi emphasized the importance of thorough regression testing to avoid reintroducing known vulnerabilities. Administrators should apply the latest patches, limit SSH access with firewalls or allow-lists, and enforce network segmentation. Where patching must wait, setting LoginGraceTime 0 in sshd_config removes the remote code execution risk by never arming the timer, but it exposes sshd to denial of service, since unauthenticated connections are never reaped and an attacker can exhaust MaxStartups; treat it as a stopgap rather than a fix.
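As an added example (not from the article, Qualys or the OpenSSH project), the following POSIX shell script classifies SSH server banners against the version ranges given above and reports how a given LoginGraceTime setting (as printed by `sshd -T`) relates to the signal handler. The banners are constructed samples, and the status strings are this script's own. One caveat it encodes: distributions backport the fix without changing the upstream version string, so "affected" from a banner check means "confirm against the vendor advisory", not "confirmed vulnerable".

```sh
#!/bin/sh
# Added example, not code from the article or from Qualys/OpenSSH.
# Version ranges for CVE-2024-6387 (portable OpenSSH):
#   < 4.4p1        affected unless patched for CVE-2006-5051 / CVE-2008-4109
#   4.4p1 - 8.4p1  not affected
#   8.5p1 - 9.7p1  affected (the regression)
#   >= 9.8p1       fixed
# A bare "OpenSSH_9.7" banner (no pN) is the non-portable OpenBSD release,
# which is not affected.

# version_key 9.7p1 -> 90701  (major*10000 + minor*100 + portable patch level)
version_key() {
    v=$1
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    patch=${rest#*p}
    [ "$patch" = "$rest" ] && patch=0   # no pN suffix
    echo $((major * 10000 + minor * 100 + patch))
}

# openssh_version_from_banner "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4" -> 9.6p1
# Prints nothing for non-OpenSSH banners.
openssh_version_from_banner() {
    case $1 in
        *OpenSSH_*) v=${1#*OpenSSH_}; echo "${v%%[ ,]*}" ;;
        *)          echo "" ;;
    esac
}

regresshion_status() {
    ver=$(openssh_version_from_banner "$1")
    [ -n "$ver" ] || { echo "not-openssh"; return 0; }
    case $ver in
        *p*) ;;                                   # portable release
        *)   echo "openbsd-native-not-affected"; return 0 ;;
    esac
    k=$(version_key "$ver")
    if   [ "$k" -lt 40401 ]; then echo "affected-unless-2006-fix-backported"
    elif [ "$k" -lt 80501 ]; then echo "not-affected"
    elif [ "$k" -lt 90801 ]; then echo "affected-check-vendor-backports"
    else                           echo "fixed"
    fi
}

# grace_time_status "logingracetime 120": LoginGraceTime 0 means the SIGALRM
# handler is never armed, but idle unauthenticated connections are never
# reaped, so MaxStartups can be exhausted (denial of service).
grace_time_status() {
    set -- $1                      # split "logingracetime 120" into $1 $2
    [ "$1" = "logingracetime" ] || { echo "unknown"; return 0; }
    if [ "$2" -eq 0 ]; then echo "handler-disabled-but-dos-exposed"
    else                    echo "handler-armed-after-${2}s"
    fi
}

# Constructed sample banners (not real hosts).
for banner in \
    "SSH-2.0-OpenSSH_9.7p1 Debian-7" \
    "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3" \
    "SSH-2.0-OpenSSH_8.4p1" \
    "SSH-2.0-OpenSSH_9.8" \
    "SSH-2.0-dropbear_2022.83"
do
    printf '%-45s %s\n' "$banner" "$(regresshion_status "$banner")"
done
printf '%-45s %s\n' "logingracetime 0" "$(grace_time_status 'logingracetime 0')"
```

In practice the banner comes from the first line a server sends after connect (for example via `nc host 22`), and the LoginGraceTime line from `sshd -T | grep -i logingracetime` on the host itself. The Debian 9.2p1 sample is there deliberately: it classifies as not-affected by version number alone, which is the same reason a version string in the affected range is only a lead, not a verdict.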