Saturday, July 6, 2024

HomeCyberSecurity700,000 OpenSSH servers vulnerable to remote code execution CVE
CyberSecurity

700,000 OpenSSH servers vulnerable to remote code execution CVE

Matt Kapko
By Matt Kapko
0
6
TellYouThePass ransomware widely targets vulnerable PHP instances

Dive Brief:

  • At least 700,000 OpenSSH servers are at risk of exploit from a remote code execution vulnerability, CVE-2024-6387, Qualys said Monday. Researchers at Qualys, which discovered the vulnerability, dubbed it “regreSSHion.”
  • Though Qualys researchers have not yet scored the CVE, they describe it as critical, presenting a significant security risk. The signal handler race condition in OpenSSH’s server allows unauthenticated remote code execution as root on glibc-based Linux systems.
  • “This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in complete system takeover, installation of malware, data manipulation and the creation of backdoors for persistent access,” Bharat Jogi, senior director of Qualys threat research unit, said in the report. 

Dive Insight:

OpenSSH, a collection of network security functions based on the secure shell protocol, supports multiple encryption technologies that secure communications, automated processes and file transfers.

The vulnerability, which is a regression of previously patched vulnerability CVE-2006-5051, affects OpenSSH version 8.5p1 up to 9.7p1, according to Qualys. The latest available update for OpenSSH server, version 9.8p1, fixes the vulnerability.

Qualys encourages enterprises to mitigate risk by quickly applying the latest version of the software and limiting access through network-based controls. Threat researchers also published technical details of the vulnerability on Monday.

The vulnerability likely exists in macOS and Windows, but researchers haven’t confirmed exploitability on those systems.

Exploits of CVE-2024-6387 “could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization,” Jogi said in the report. “Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities.”


Source link

Bookmark (0)
Previous article
Indian Software Firm’s Products Hacked to Spread Data-Stealing Malware
Next article
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
Matt Kapko
Matt Kapko
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Load more

Sponsored Business

- Advertisment -spot_img

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

Market World’s portal of services include news, marketing, development and ecommerce. We strive to meet the needs and provide high value for all visitors and customers. We offer digital services for small, mid-sized and large enterprise platforms. We treat our customers as partners and offer the tools and services for growth and success for your journey.

Become a Market World Entrepreneur

FOLLOW US              

© 2022 Market World LLC. All rights reserved