Critical Vulnerability in OpenSSH server component

By Rob Kraus, Vice President, Security Services

Evolve Security is writing to inform you of a critical security vulnerability identified as CVE-2024-6387, which has been reported in the OpenSSH server (sshd) component of glibc-based Linux systems. This vulnerability poses a significant risk and could potentially allow unauthorized access or control over affected systems.

Overview of CVE-2024-6387 Vulnerability:

Researchers have identified a Remote Unauthenticated Code Execution (RCE) vulnerability, named “regreSSHion,” that allows remote code execution as root due to a race condition in the default configuration of sshd. The vulnerability is a regression of CVE-2006-5051, a vulnerability initially patched in 2006. In software development, a "regression" occurs when a flaw that was once fixed reemerges in a later software release, often because subsequent changes inadvertently reintroduce the issue. This regression was introduced in OpenSSH version 8.5p1 in October 2020.

Affected Versions:

OpenSSH versions prior to 4.4p1 are susceptible to this race condition unless they were patched for the earlier issues CVE-2006-5051 and CVE-2008-4109. Versions from 4.4p1 through 8.4p1 are not affected, because the patch for CVE-2006-5051 corrected the problematic function. The issue re-emerged in versions 8.5p1 through 9.7p1, because a critical safeguard was omitted from that function during later updates. Systems running OpenBSD are not affected by this vulnerability, as the operating system provides a security mechanism that precludes this class of flaw.
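As an added illustration of the version ranges above (example code, not part of the original advisory), the following Python snippet classifies an OpenSSH identification banner against those ranges; the banner strings are constructed samples. Because vendors backport fixes without changing the upstream version number, treat the result as a triage signal and confirm against your vendor's advisory.

```python
import re

# Ranges as stated in the advisory:
#   < 4.4p1          vulnerable unless back-patched for CVE-2006-5051 / CVE-2008-4109
#   4.4p1 .. 8.4p1   not affected
#   8.5p1 .. 9.7p1   vulnerable (the regression, CVE-2024-6387)
#   >= 9.8p1         fixed upstream
# Matches both `ssh -V` output and the sshd identification string
# ("SSH-2.0-OpenSSH_9.6p1 ...").
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, patch) from an OpenSSH banner, or None if absent."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(banner):
    """Map a banner to one of the advisory's categories."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"
    if v < (4, 4, 1):
        return "vulnerable-unless-backpatched"
    if v < (8, 5, 1):
        return "not-affected"
    if v < (9, 8, 0):
        return "vulnerable"
    return "fixed"


def triage(banners):
    """Classify a collection of banners; returns {banner: category}."""
    return {b: classify(b) for b in banners}


# Constructed sample banners (hypothetical vendor suffixes, not real hosts).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 ExampleDistro-1",
    "SSH-2.0-OpenSSH_8.4p1 ExampleDistro-7",
    "OpenSSH_9.8p1, OpenSSL 3.0.13 30 Jan 2024",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for banner, status in triage(SAMPLE_BANNERS).items():
        print(f"{status:32} {banner}")
```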

Immediate Action Required:

Update Your Systems:

Ensure that all your systems running the affected software are updated to the latest version as recommended by the vendor. The latest updates contain patches addressing this vulnerability. 

Review Security Protocols:

We recommend reviewing your current security protocols and ensuring that your systems are configured to minimize risks from such vulnerabilities. 

Monitor for Anomalies:

Keep an eye on your systems for any unusual activity. Early detection of a potential breach can significantly reduce the impact of this vulnerability.

Proactive Measures Taken by Evolve Security:

To ensure the security of our infrastructure and to safeguard your data, Evolve Security has thoroughly reviewed our systems and taken appropriate actions to mitigate any threats posed by CVE-2024-6387. We have implemented stringent security measures and updated relevant systems to secure our network against this vulnerability. This proactive approach underscores our commitment to the security and integrity of our clients' data.

Additional Assurance for External Attack Surface Management Clients:

If you are currently leveraging our External Attack Surface Management service, please rest assured that our Offensive Security Operations Center analysts are diligently validating and notifying our clients of any potential risks to their environments related to this vulnerability. We are proactively working to ensure your digital assets remain secure and unaffected.

Assistance from Evolve Security:

We understand the severity of this issue and are prepared to assist you in mitigating the risks associated with CVE-2024-6387.

Please do not hesitate to reach out to us at osoc@evolvesecurity.com for any immediate concerns or assistance. Thank you for your prompt attention to this critical matter. 

We appreciate your cooperation in ensuring the security and integrity of our digital environments.

References:

• Qualys Research Blog on CVE-2024-6387: Qualys Blog

• Tenable Nessus Plugin for CVE-2024-6387: Tenable Plugin 201194

• CVE Details on CVE-2024-6387: CVE-2024-6387 at MITRE 

• Full Vulnerability Analysis Report: Qualys Analysis 
