Qualys discovers critical vulnerability, regreSSHion, in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

With over 14 million instances worldwide, regreSSHion is severe and critical, especially for enterprises that rely heavily on OpenSSH for remote server management. OpenSSH is known to be one of the most secure software in the world. This vulnerability is a glaring gap in an otherwise near-flawless implementation.

Affected OpenSSH versions:

  • OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
  • Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
  • The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.

OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

Potential Impact of regreSSHion

This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities. This could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

This vulnerability is challenging to exploit due to its remote race condition nature, requiring multiple attempts for a successful attack. This can cause memory corruption and necessitate overcoming Address Space Layout Randomization (ASLR). Advancements in deep learning may significantly increase the exploitation rate, potentially providing attackers with a substantial advantage in leveraging such security flaws.

Immediate Steps to Mitigate Risk

Addressing the regreSSHion vulnerability in OpenSSH, which enables remote code execution on Linux systems, demands a focused and layered security approach. Below are concise steps and strategic recommendations for enterprises to safeguard against this significant threat:

  1. Patch Management: Quickly apply available patches for OpenSSH and prioritize ongoing update processes.
  2. Enhanced Access Control: Limit SSH access through network-based controls to minimize the attack risks.
  3. Network Segmentation and Intrusion Detection: Divide networks to restrict unauthorized access and lateral movements within critical environments and deploy systems to monitor and alert on unusual activities indicative of exploitation attempts.

Read more exclusives and news in our latest issue here.

Never miss a story… Follow us on:
Security Buyer
 @SecurityBuyer
 @Secbuyer

Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top