New OpenSSH Vulnerability Threatens Millions of Linux Systems

A critical vulnerability in OpenSSH, identified as CVE-2024-6387 and dubbed “regreSSHion,” has been discovered, posing a severe threat to millions of Linux systems worldwide. This flaw could allow unauthenticated remote code execution (RCE) with root privileges on glibc-based Linux systems.

The vulnerability, uncovered by the Qualys Threat Research Unit (TRU), resides in OpenSSH’s server component, sshd.

It is a signal handler race condition, allowing attackers to execute arbitrary code with root privileges. This flaw is a regression of a previously patched issue (CVE-2006-5051) and was reintroduced in OpenSSH version 8.5p1 in October 2020.

Bharat Jogi, senior director at Qualys, explained, “This race condition affects sshd in its default configuration and allows for remote code execution as root on glibc-based Linux systems.”

The scope of this vulnerability is vast, with Qualys identifying over 14 million potentially vulnerable OpenSSH server instances exposed to the internet.

Among Qualys’ customers, approximately 700,000 systems are at risk.

Successful exploitation, demonstrated on 32-bit Linux/glibc systems with Address Space Layout Randomization (ASLR) enabled, requires around 6-8 hours of continuous connection attempts. While 64-bit system exploitation has not been confirmed, it remains a significant concern.

The OpenSSH development team has released version 9.8p1, which addresses this critical flaw. Users and administrators are strongly urged to update their OpenSSH installations to mitigate the risk.

For those unable to upgrade immediately, setting LoginGraceTime to 0 in the sshd configuration file can temporarily prevent remote code execution, though it may expose the server to denial of service (DoS) attacks.

Additional recommendations include limiting SSH access through network-based controls, enforcing network segmentation, and ensuring ASLR is enabled and properly configured.
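
A host triage check for the version range and the LoginGraceTime workaround described above, as an added example that is not from the article or the OpenSSH project. The function names and verdict strings are hypothetical, and the sample banner and configuration are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Names and verdict strings are hypothetical.

# Exit 0 if the upstream version is >= 8.5 and < 9.8 (the range the article
# gives), 1 if outside it, 2 if no OpenSSH version string could be parsed.
version_in_range() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || return 2
    set -- $ver
    n=$(( $1 * 100 + $2 ))
    [ "$n" -ge 805 ] && [ "$n" -lt 908 ]
}

# Reads the effective config (`sshd -T` output, lowercase keywords) on stdin.
# Exit 0 only if LoginGraceTime is 0.
grace_mitigated() {
    awk 'tolower($1) == "logingracetime" { v = $2 }
         END { exit !(v == "0") }'
}

# $1 = a string containing OpenSSH_X.Y, such as the server's SSH banner.
# $2 = the output of `sshd -T` on that host.
triage() {
    version_in_range "$1" && rc=0 || rc=$?
    case $rc in
        0) if printf '%s\n' "$2" | grace_mitigated; then
               echo IN_RANGE_WORKAROUND_SET   # article: blocks the RCE, may allow DoS
           else
               echo IN_RANGE_UNMITIGATED      # upgrade to 9.8p1 or apply the workaround
           fi ;;
        1) echo OUT_OF_RANGE ;;
        *) echo UNKNOWN ;;                    # not OpenSSH, or banner hidden
    esac
}

# Constructed sample inputs so the script runs offline.
SAMPLE_BANNER='SSH-2.0-OpenSSH_9.6p1'
SAMPLE_CONFIG='port 22
logingracetime 120
permitrootlogin no'
triage "$SAMPLE_BANNER" "$SAMPLE_CONFIG"
```

Distribution packages can carry the fix as a backport without changing the upstream version number, so an IN_RANGE verdict is a prompt to check the vendor advisory rather than proof of exposure.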

The OpenSSH community has responded quickly to this critical vulnerability. Version 9.8p1 not only fixes the race condition but also addresses other security issues and bugs.

The OpenSSH project plans further security enhancements and the deprecation of outdated algorithms, such as the DSA signature algorithm, by early 2025.

The regreSSHion vulnerability in OpenSSH underscores the critical need for timely updates and robust security practices to protect systems from exploitation. Organizations must act swiftly to secure their OpenSSH instances and prevent potential attacks.

The collaborative efforts of the OpenSSH community and security researchers play a vital role in maintaining the integrity and reliability of this essential software.