July 3, 2024 at 06:24AM
Qualys discovered a critical OpenSSH vulnerability, CVE-2024-6387, dubbed regreSSHion, that allows unauthenticated attackers to execute code remotely on affected servers. More than 14 million internet-exposed OpenSSH instances are potentially vulnerable. Exploitation is difficult and has not been confirmed in the wild; Palo Alto Networks attempted it and was unable to achieve remote code execution. The OpenSSH developers note that exploitation has so far been demonstrated only on 32-bit glibc-based Linux systems, and the security community is releasing tools to identify vulnerable servers.
From the meeting notes, we have gleaned the following about the recently disclosed OpenSSH vulnerability, tracked as CVE-2024-6387 and named regreSSHion. It is a signal handler race condition in the OpenSSH server (sshd): when a client fails to authenticate within LoginGraceTime (120 seconds by default), sshd's SIGALRM handler calls functions that are not async-signal-safe. The bug is a regression of CVE-2006-5051, reintroduced in OpenSSH 8.5p1 and fixed in 9.8p1. It presents a serious threat, since sshd runs as root and a successful exploit can lead to complete takeover of the system and enable the deployment of malware and backdoors.
Qualys reports over 14 million potentially vulnerable OpenSSH instances exposed to the internet and, based on its own customer data, roughly 700,000 external internet-facing systems that appear to be susceptible. Palo Alto Networks, however, states that while the vulnerability is critical, it may not lead to mass exploitation, as its researchers were unable to achieve remote code execution in their tests.
Security researcher Raghav Rastogi has observed an IP address attempting to exploit the vulnerability, although in-the-wild exploitation has not been confirmed. Qualys has also explained that exploitation is not straightforward: winning the race condition takes thousands of connection attempts (Qualys estimates roughly 10,000 on average), which at the default LoginGraceTime and MaxStartups settings means several hours of sustained connections against a single server before arbitrary code runs.
The OpenSSH developers have noted that exploitation has only been demonstrated on 32-bit glibc-based Linux systems, that exploitation on 64-bit systems is believed possible but has not yet been demonstrated, and that exploitation on non-glibc systems is conceivable but has not been examined. They also warn that these attacks are likely to be improved upon, and members of the cybersecurity community have begun releasing open-source tools to identify vulnerable OpenSSH servers.
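Most of the scanners mentioned above work the same way: read the SSH identification string and compare the OpenSSH version against the affected windows. The following is an added example of that triage logic, not code from the page, from Qualys, or from the OpenSSH project. The version windows follow the OpenSSH 9.8 release notes and the Qualys advisory; the function names, verdict labels and sample banners are this example's own construction, and the vendor package versions in the sample banners are illustrative, not a statement of which builds are patched.

```python
"""Banner-based triage for CVE-2024-6387 (regreSSHion).

Added example; not code from the page, Qualys, or the OpenSSH project.
Affected-version windows follow the OpenSSH 9.8 release notes and the Qualys
advisory; function names, verdict labels and sample banners are constructed.
"""
import re
import socket
from dataclasses import dataclass

# Version windows (portable OpenSSH, "X.YpN"):
#   < 4.4p1        : vulnerable unless patched for CVE-2006-5051
#   4.4p1 .. 8.4p1 : not vulnerable (the 2006 fix was still in place)
#   8.5p1 .. 9.7p1 : vulnerable (fix accidentally removed in 8.5p1)
#   >= 9.8p1       : fixed
# Native OpenBSD builds carry no "pN" suffix; Qualys reports OpenBSD is not
# affected because its SIGALRM handler calls the async-signal-safe syslog_r().
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:p(?P<portable>\d+))?(?P<rest>.*)$"
)


@dataclass
class Verdict:
    status: str   # "vulnerable", "likely_vulnerable", "not_vulnerable", "unknown"
    reason: str


def assess_banner(banner: str) -> Verdict:
    """Classify an SSH identification string by OpenSSH version alone."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return Verdict("unknown", "not an OpenSSH banner")
    if m.group("portable") is None:
        return Verdict("not_vulnerable",
                       "no pN suffix: native OpenBSD sshd, not affected per Qualys")
    ver = (int(m.group("major")), int(m.group("minor")))
    vendor_tag = m.group("rest").strip()   # e.g. "Debian-7", "Ubuntu-3ubuntu13.3"
    if ver < (4, 4):
        return Verdict("vulnerable",
                       "pre-4.4p1: affected unless patched for CVE-2006-5051")
    if ver < (8, 5):
        return Verdict("not_vulnerable", "4.4p1..8.4p1 kept the 2006 fix")
    if ver < (9, 8):
        if vendor_tag:
            # Distributions backport fixes without bumping the upstream version,
            # so a banner alone cannot prove vulnerability here. This is the
            # main false-positive source for banner-only scanners.
            return Verdict("likely_vulnerable",
                           f"8.5p1..9.7p1 with vendor tag '{vendor_tag}': "
                           "check the vendor advisory for a backported fix")
        return Verdict("vulnerable", "upstream 8.5p1..9.7p1 build")
    return Verdict("not_vulnerable", "9.8p1 or later")


def grab_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Read the server identification line (RFC 4253 section 4.2) from a live host.

    Reads one byte at a time up to the first newline so that any key-exchange
    bytes the server sends immediately afterwards are not mixed in.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = s.recv(1)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace").rstrip("\r\n")


# Constructed sample banners (not captured from any real host).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.7p1",
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3",
    "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_8.4p1",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-OpenSSH_9.7",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        v = assess_banner(b)
        print(f"{b:45} {v.status:18} {v.reason}")
```

Run against a live host with `assess_banner(grab_banner("ssh.example.internal"))`. Treat "likely_vulnerable" as a prompt to check the installed package version against the vendor advisory, not as a confirmed finding; a server can also present a non-standard banner, so "unknown" means only that the banner check was inconclusive.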
Given the severity of this vulnerability and the potential threat it poses to our systems, we need to stay current on its developments and act now. The fix is to upgrade sshd to OpenSSH 9.8p1 or to a vendor build that backports the patch. Where that cannot be done immediately, setting LoginGraceTime to 0 in sshd_config removes the remote code execution path, at the cost of leaving sshd open to connection-exhaustion denial of service, and restricting network access to the SSH port limits who can attempt the attack at all.