Major OpenSSH vulnerability opens up 14 million servers to cyber risk

Written by Thu 4 Jul 2024

Researchers at the Qualys Threat Research Unit (TRU) have discovered a critical security vulnerability in the OpenSSH server (sshd) affecting over 14 million glibc-based Linux systems.

This serious flaw could let cybercriminals gain complete root access to any of the servers estimated to contain the vulnerability.

Security researchers said that, while this is the first vulnerability to have impacted OpenSSH in almost two decades, it represents a major problem because a large number of companies use the tool for remote server management.

Bharat Jogi, Senior Director at the Threat Research Unit at Qualys, said that in its security analysis Qualys identified this vulnerability as a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006.

“A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue,” said Jogi.

Because this incident originated from a regression that was introduced in late 2020, Qualys highlighted the importance of comprehensive regression testing to prevent security problems such as this from happening again.

The potential risks from this flaw, nicknamed regreSSHion, are serious, but because it is difficult for hackers to fully exploit the vulnerability, researchers have given it a severity score of 8.1 out of 10, ranking it as important instead of critical. A number of firewalls and network monitoring tools can detect and block attempts to exploit regreSSHion.

OpenSSH has released a fix for the issue, and all users need to update to the new version to be protected from the vulnerability. Until this fix is installed, hackers will still be able to exploit the opening and create backdoors to install malware on the system.
