Article 6NXSW New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

by
janrinok
from SoylentNews on (#6NXSW)

upstart writes:

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems:

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.

The vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client applications.

"The vulnerability, which is a signal handler race condition in OpenSSH's server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems," Bharat Jogi, senior director of the threat research unit at Qualys, said in a disclosure published today. "This race condition affects sshd in its default configuration."

The cybersecurity firm said it identified no less than 14 million potentially vulnerable OpenSSH server instances exposed to the internet, adding it's a regression of an already patched 18-year-old flaw tracked as CVE-2006-5051, with the problem reinstated in October 2020 as part of OpenSSH version 8.5p1.

"Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with [address space layout randomization]," OpenSSH said in an advisory. "Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept."

[...] The net effect of exploiting CVE-2024-6387 is full system compromise and takeover, enabling threat actors to execute arbitrary code with the highest privileges, subvert security mechanisms, data theft, and even maintain persistent access.

"A flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue," Jogi said. "This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment."

While the vulnerability has significant roadblocks due to its remote race condition nature, users are recommended to apply the latest patches to secure against potential threats. It's also advised to limit SSH access through network-based controls and enforce network segmentation to restrict unauthorized access and lateral movement.

See also:

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments