Qualys warns of OpenSSH vulnerability researchers are calling ‘extremely dangerous’

01-July-24

Qualys Inc. has identified a critical OpenSSH vulnerability, CVE-2024-6387, affecting over 14 million servers. It is dubbed “regreSSHion” because it is the reemergence of a flaw that had previously been patched. The vulnerability, considered highly dangerous, is a signal handler race condition that enables remote code execution as root on glibc-based Linux systems, potentially leading to full system compromise. Although a patch is available, the widespread use of OpenSSH makes deployment challenging. Users are urged to apply patches, enhance access controls, and implement network segmentation to mitigate risks.
