The Qualys Threat Research Team has uncovered a significant vulnerability discovered in OpenSSH, a network communications tool that is widely used on Unix-like systems, including macOS and Linux. Qualys says the discovery is the biggest vulnerability since log4shell and if OpenSSH is used in an organisation’s network, it’s high likely they’re at risk.
“This vulnerability, CVE-2024-6387, named regreSSHion, has the potential, if left unpatched, to result in a full system compromise, allowing attackers to execute arbitrary code, install malware, and create backdoors,” reads the Qualys advisory. “It enables network propagation, bypasses critical security mechanisms, and causes significant data breaches. Although challenging to exploit due to its remote race condition nature, advancements in deep learning may increase the success rate, giving attackers a substantial advantage.”
Impacted versions of Open SSH are:
- OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109;
- Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure; and
- The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
Qualys says the vulnerability demands a focused and layered security approach. The advisory includes concise steps and strategic recommendations to safeguard an organisation, including;
- Patch management: Quickly apply available patches for OpenSSH and prioritise ongoing update processes;
- Enhanced access control: Limit SSH access through network-based controls to minimise the attack risks; and
- Network segmentation and intrusion detection: Divide networks to restrict unauthorised access and lateral movements within critical environments and deploy systems to monitor and alert on unusual activities indicative of exploitation attempts.