Weekly Workflow: RegreSSHion

Qualys Threat Research Unit (TRU) uncovered a critical Remote Unauthenticated Code Execution (RCE) vulnerability, identified as CVE-2024-6387, affecting OpenSSH servers on glibc-based Linux systems.

Blink Team, Oct 4, 2024

Is your OpenSSH server a part of the 700,000 at risk?

Qualys Threat Research Unit (TRU) has uncovered a critical Remote Unauthenticated Code Execution (RCE) vulnerability, identified as CVE-2024-6387, affecting OpenSSH servers on glibc-based Linux systems. 

This vulnerability, stemming from a signal handler race condition, allows an unauthenticated attacker to execute arbitrary code with root privileges.

How Qualys identified internet-facing vulnerable servers:

  1. Internet-wide scanning: Censys and Shodan were used to identify a large pool of potentially vulnerable OpenSSH servers exposed to the internet.
  2. Vulnerability assessment: Qualys CSAM 3.0 was employed to scan a specific customer base, identifying approximately 700,000 vulnerable instances.
  3. Vulnerability signature matching: Qualys' vulnerability detection engine compared the OpenSSH versions running on scanned systems against a known vulnerable version database.
  4. Data analysis: The percentage of vulnerable instances and the presence of end-of-life OpenSSH versions were calculated to provide insights into the vulnerability's prevalence and risk.
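Step 3 above, version-signature matching, is the part a defender can reproduce for their own inventory. The following is an added example, not Qualys' engine or code from this post: it parses the identification string an OpenSSH server sends on connect and checks the version against a range table. The banners and the range bounds are constructed for illustration; the real affected versions must be taken from the vendor advisory.

```python
import re
from typing import Dict, List, Optional, Sequence, Tuple

Version = Tuple[int, int, int]  # (major, minor, portable patch level "pN"; 0 when absent)

# OpenSSH identification string as sent on connect, e.g. "SSH-2.0-OpenSSH_9.3p1 Ubuntu-3ubuntu3.2".
# Anything after the version (the distro suffix) is ignored by the match.
OPENSSH_BANNER = re.compile(r"^SSH-(?:2\.0|1\.99)-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Constructed banners for the walkthrough (not taken from real hosts).
SAMPLE_BANNERS: List[str] = [
    "SSH-2.0-OpenSSH_9.3p1 Ubuntu-3ubuntu3.2",
    "SSH-2.0-OpenSSH_9.8",
    "SSH-2.0-OpenSSH_8.2p1 Debian-4",
    "SSH-2.0-dropbear_2022.83",
]

# PLACEHOLDER range table of inclusive (low, high) pairs. These bounds are made up
# to exercise the logic; take the real affected range from the vendor advisory.
VULNERABLE_RANGES: List[Tuple[Version, Version]] = [((9, 0, 0), (9, 5, 1))]


def parse_openssh_version(banner: str) -> Optional[Version]:
    """Return (major, minor, patch) for an OpenSSH banner, None for any other server."""
    m = OPENSSH_BANNER.match(banner.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def in_vulnerable_range(version: Version, ranges: Sequence[Tuple[Version, Version]]) -> bool:
    """Tuple comparison orders 9.3p1 < 9.3p2 < 9.4 correctly, unlike string comparison."""
    return any(low <= version <= high for low, high in ranges)


def triage(banners: Sequence[str], ranges: Sequence[Tuple[Version, Version]]) -> Dict[str, str]:
    """Classify each banner as 'vulnerable', 'not-vulnerable' or 'not-openssh'.

    Caveat: distributions backport fixes without bumping the upstream version, so a
    banner-only 'vulnerable' verdict must be confirmed against the installed package.
    """
    verdicts: Dict[str, str] = {}
    for banner in banners:
        version = parse_openssh_version(banner)
        if version is None:
            verdicts[banner] = "not-openssh"
        else:
            verdicts[banner] = "vulnerable" if in_vulnerable_range(version, ranges) else "not-vulnerable"
    return verdicts
```

Banner matching is a first-pass filter only: backported fixes and custom builds make the version string an unreliable final verdict, which is why the caveat in `triage` matters for any follow-up patch list.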

Qualys has successfully developed a proof-of-concept exploit and has coordinated responsible disclosure with the OpenSSH project. It's important to note that this vulnerability is a regression of a previously patched issue (CVE-2006-5051), which underscores how important robust regression testing is in software development.

Blink is a pioneering security automation platform that functions as a copilot for security experts. By utilizing intuitive prompts, Blink empowers teams to streamline complex processes across disparate tools, significantly enhancing efficiency and productivity.
