Home Security New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

by


Jul 01, 2024NewsroomLinux / Vulnerability

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.

The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client applications.

“The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems,” Bharat Jogi, senior director of the threat research unit at Qualys, said in a disclosure published today. “This race condition affects sshd in its default configuration.”

Cybersecurity

The cybersecurity firm said it identified no less than 14 million potentially vulnerable OpenSSH server instances exposed to the internet, adding it’s a regression of an already patched 18-year-old flaw tracked as CVE-2006-5051, with the problem reinstated in October 2020 as part of OpenSSH version 8.5p1.

“Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with [address space layout randomization],” OpenSSH said in an advisory. “Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept.”

The vulnerability impacts versions between 8.5p1 and 9.7p1. Versions prior 4.4p1 are also vulnerable to the race condition bug unless they are patched for CVE-2006-5051 and CVE-2008-4109. It’s worth noting that OpenBSD systems are unaffected as they include a security mechanism that blocks the flaw.

It is likely that the security shortcoming also affects both macOS and Windows, although its exploitability on these platforms remains unconfirmed and requires more analysis.

Specifically, Qualys found that if a client does not authenticate within 120 seconds (a setting defined by LoginGraceTime), then sshd’s SIGALRM handler is called asynchronously in a manner that’s not async-signal-safe.

Cybersecurity

The net effect of exploiting CVE-2024-6387 is a full system compromise and takeover, enabling threat actors to execute arbitrary code with the highest privileges, subvert security mechanisms, data theft, and even maintain persistent access.

“A flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue,” Jogi said. “This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment.”

While the vulnerability has significant roadblocks due to its remote race condition nature, users are recommended to apply the latest patches to secure against potential threats. It’s also advised to limit SSH access through network-based controls and enforce network segmentation to restrict unauthorized access and lateral movement.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex