The Qualys Threat Research Unit (TRU) has disclosed a new critical security vulnerability in OpenSSH, designated CVE-2024-6387, which has the potential to compromise millions of OpenSSH servers worldwide. Dubbed "regreSSHion," this remote code execution flaw grants an attacker full root access.
The vulnerability affects OpenSSH versions earlier than 4.4p1, as well as those from 8.5p1 to 9.7p1. This leaves a staggering 14 million potentially vulnerable OpenSSH server instances exposed to the internet and open to exploitation.
The vulnerability is a signal handler race condition in OpenSSH's server component (sshd) and allows unauthenticated remote code execution as root on glibc-based Linux systems. A threat actor can therefore execute arbitrary code with the highest privileges, subvert security mechanisms, steal data, and maintain persistent access.
This new vulnerability is a regression of an old flaw that was patched 18 years ago (CVE-2006-5051). During an update in October 2020 (OpenSSH version 8.5p1), the old bug found its way back into the code. The incident is a stark reminder of the importance of rigorous regression testing in software development.
Although the vulnerability is real, exploiting it is not straightforward: under controlled conditions, a successful attack could take 6-8 hours of continuous connection attempts. The potential payoff for a determined attacker, full system compromise and takeover, nonetheless makes this a serious threat.
The availability of multiple proof-of-concept (PoC) exploits on GitHub makes it essential for users to take immediate action to secure their systems.
The good news is that versions from 4.4p1 up to 8.5p1 are not vulnerable, thanks to the patch for CVE-2006-5051. The vulnerability resurfaces in versions from 8.5p1 to 9.7p1, however, so users should apply the latest patches to secure their systems against potential threats.
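To act on these version ranges across a fleet, the following added example (not code from the article, Qualys or the OpenSSH project) triages a list of SSH identification banners against the ranges quoted above. It assumes that 9.8p1 is the first release carrying the fix and uses a constructed sample inventory with made-up hostnames.

```python
import re

# Version ranges quoted in the article: before 4.4p1, and 8.5p1 through 9.7p1.
# 9.8p1 is the first release carrying the fix, so the second range is [8.5p1, 9.8).
FIXED_FROM_OLD = (4, 4, 1)
REGRESSED_AT, FIXED_AT = (8, 5, 1), (9, 8, 0)
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_openssh_version(banner):
    """(major, minor, portable_patch) from an SSH identification string such as
    'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3'; None if the banner is not OpenSSH."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)

def in_vulnerable_range(banner):
    """True/False for an OpenSSH banner, None when the banner is not OpenSSH."""
    v = parse_openssh_version(banner)
    if v is None:
        return None
    return v < FIXED_FROM_OLD or REGRESSED_AT <= v < FIXED_AT

def triage(inventory):
    """Split a {host: banner} map into patch candidates and hosts needing manual review.
    A banner in range is a candidate, not a confirmed hit: distributions often backport
    the fix without bumping the version, and the banner does not reveal the libc in use."""
    to_patch, unknown = [], []
    for host, banner in sorted(inventory.items()):
        verdict = in_vulnerable_range(banner)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            to_patch.append(host)
    return to_patch, unknown

# Constructed sample inventory: hostnames and banners are made up for this example.
SAMPLE_INVENTORY = {
    "bastion-1": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3",
    "build-7": "SSH-2.0-OpenSSH_9.8p1",
    "legacy-db": "SSH-2.0-OpenSSH_4.3p2",
    "jump-2": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "appliance": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    patch, review = triage(SAMPLE_INVENTORY)
    print("patch candidates:", patch)               # ['bastion-1', 'legacy-db']
    print("not OpenSSH, review manually:", review)  # ['appliance']
```

Hosts flagged here should be confirmed against the distribution's own advisory before being counted as vulnerable, since a backported fix leaves the banner version unchanged.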