July 1, 2024 at 10:08AM
Glibc-based Linux systems should upgrade OpenSSH's server because of a new bug (CVE-2024-6387) disclosed by Qualys researchers. They discovered a race condition vulnerability that could lead to remote code execution, potentially affecting hundreds of thousands of instances. Systems running OpenBSD are exempt, and Qualys recommends specific patches and network-based controls for mitigation.
Key Takeaways:
– Glibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH’s server (sshd).
– The vulnerability is a regression of the previously patched vulnerability CVE-2006-5051 and could allow remote code execution on potentially hundreds of thousands of targets.
– Systems running glibc, both 32-bit and 64-bit, are likely exposed.
– OpenBSD is an exception due to a security tweak made in 2001.
– The vulnerability is challenging to exploit because it is a remote race condition, so a successful attack requires many attempts.
– Versions of OpenSSH earlier than 4.4p1 and versions from 8.5p1 up to but not including 9.8p1 are vulnerable unless patches have been applied.
– Qualys recommends applying patches, limiting SSH access through network-based controls, segmenting networks, and monitoring systems for exploit attempts.
– Despite the bug, Qualys praised the OpenSSH project’s defense-in-depth design and code as near-flawless.
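To turn the version ranges above into a fleet triage check, here is an added example (not from the article or from Qualys) that classifies SSH identification banners against the upstream ranges stated above: before 4.4p1, and 8.5p1 up to but not including 9.8p1. It assumes that a banner without a `pN` suffix is an OpenBSD native build (exempt per the advisory), and the sample banners are constructed; distribution backports fix the bug without bumping the version, so a hit here means "verify the package changelog", not "confirmed vulnerable".

```python
import re
from typing import Dict, List, Tuple

# Upstream vulnerable ranges as stated in the advisory summary.
_OLD_RANGE_END = (4, 4, 1)        # everything below 4.4p1
_NEW_RANGE = ((8, 5, 1), (9, 8, 1))  # 8.5p1 <= version < 9.8p1

# Matches e.g. "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2"; the pN suffix is the
# portable-release number and is absent on OpenBSD's native build.
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def classify_banner(banner: str) -> str:
    """Classify one SSH banner string.

    Returns one of:
      "not-openssh"            - banner is some other SSH implementation
      "non-portable"           - no pN suffix; assumed OpenBSD native build (exempt)
      "in-vulnerable-range"    - upstream version lies in a range named by the advisory;
                                 check the distro package changelog for a backported fix
      "outside-vulnerable-range" - upstream version is not in either range
    """
    m = _BANNER_RE.search(banner)
    if not m:
        return "not-openssh"
    major, minor, portable = m.groups()
    if portable is None:
        return "non-portable"  # assumption: OpenBSD native build, exempt per advisory
    version: Tuple[int, int, int] = (int(major), int(minor), int(portable))
    if version < _OLD_RANGE_END or _NEW_RANGE[0] <= version < _NEW_RANGE[1]:
        return "in-vulnerable-range"
    return "outside-vulnerable-range"


def hosts_to_triage(inventory: Dict[str, str]) -> List[str]:
    """Given {host: banner}, return the hosts whose banner needs a patch-status check."""
    return sorted(h for h, b in inventory.items()
                  if classify_banner(b) == "in-vulnerable-range")


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "bastion-1": "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2",
        "build-7":   "SSH-2.0-OpenSSH_9.8p1",
        "legacy-3":  "SSH-2.0-OpenSSH_4.3p2",
        "bsd-gw":    "SSH-2.0-OpenSSH_9.7",
        "iot-cam":   "SSH-2.0-dropbear_2022.83",
    }
    for host, banner in sample.items():
        print(f"{host:10} {classify_banner(banner)}")
    print("triage:", hosts_to_triage(sample))
```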