OpenSSH Server RCE Vulnerability – Spiceworks

  • Security researchers have uncovered a significant remote code execution flaw in Open Secure Shell (OpenSSH) servers.
  • Over 14 million potentially susceptible OpenSSH instances were thought to be exposed to the internet.

Millions of OpenSSH servers are susceptible to a critical vulnerability that allows remote code execution, bypassing authentication safeguards. A security research team at Qualys found the bug, known as regreSSHion (CVE-2024-6387). The bug primarily affects glibc-based Linux systems. It is so far unclear whether the flaw impacts Windows or Mac systems.

According to the research team, a signal handler race condition in the OpenSSH server process (sshd) allows unauthenticated remote code execution with root privileges on glibc-based Linux systems. This, in turn, can result in a complete system takeover, allowing the creation of backdoors or the installation of malware. The new flaw is considered as severe as the Log4Shell vulnerability of 2021.

OpenSSH is used extensively for data communication and remote server management to secure channels…
