July 1 2024

New OpenSSH vulnerability could lead to escalation of root privileges on Linux systems

Over 14 million potentially vulnerable OpenSSH server instances between 8.5p1 and 9.7p1 exposed on the Internet, update and patch now.

OpenSSH-Security Vulnerabilities

OpenSSH maintainers have released security updates to contain a critical security flaw that could lead to unauthenticated remote code execution with root privileges on glibc-based Linux systems.

The vulnerability has been assigned the CVE identifier CVE-2024-6387. It lies in OpenSSH server component , also known as sshd, designed to listen for connections from any client application.

“The vulnerability, which is a race condition of the signal handler in the OpenSSH server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems,” he said Bharat Jogi, senior director of Qualys' threat research unit. in a statement published today. “This race condition affects sshd in its default configuration.”

A race condition is a situation in which software behavior depends on the sequence or timing of unsynchronized operations. This problem often occurs in concurrent or multi-threaded systems, where two or more processes or threads attempt to access or modify a shared resource at the same time. If not managed properly, race conditions can cause unpredictable behavior, programming errors, and security vulnerabilities. In the security field, a race condition can be exploited by an attacker to perform unauthorized actions, access sensitive data or compromise the integrity of the system, making the implementation of adequate synchronization and access control techniques essential.

The cybersecurity firm said it has identified no fewer than 14 million potentially vulnerable OpenSSH server instances exposed on the Internet, adding that this is a reversion of an 18-year-old flaw already patched and identified as CVE-2006-5051 , with the issue reverted in October 2020. as part of OpenSSH version 8.5p1.

“Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with [ randomization of address space layout ]”, said OpenSSH in a warning. “Under laboratory conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum that the server will accept.”

The vulnerability impacts versions between 8.5p1 and 9.7p1. Versions prior to 4.4p1 are also vulnerable to the race condition bug, unless patched for CVE-2006-5051 and CVE-2008-4109 . It is worth noting that OpenBSD systems are not affected, as they include a security mechanism that blocks the flaw.

Specifically, Qualys found that if a client fails to authenticate within 120 seconds (a setting defined by LoginGraceTime), sshd's SIGALRM handler is called asynchronously, in a way that is not async-signal-safe .

The net effect of exploiting CVE-2024-6387 is complete system compromise and control, allowing threat actors to execute arbitrary code with the highest privileges, subvert security mechanisms, steal data, and even maintain an access persistent.

“A flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the problem,” Jogi said. “This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment.”

While the vulnerability presents significant hurdles due to its remote race condition nature, users are advised to apply the latest patches to protect themselves from potential threats. We also recommend limiting SSH access through network-based controls such as firewalling and enforcing network segmentation to limit unauthorized access and lateral movement.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top