There is a critical security vulnerability (CVE-2024-6387) affecting OpenSSH servers that could allow attackers to remotely take control of your system. This vulnerability is especially dangerous because it can be exploited without any authentication required.
What is the vulnerability?
This vulnerability is a flaw in how OpenSSH handles signals. If a client does not connect within a certain amount of time, an error occurs that can be exploited by attackers to gain root access to your system. This could allow a complete system compromise, letting attackers steal data, install malware, subvert security mechanisms, and maintain persistent access.
What systems are affected?
OpenSSH versions 8.5p1 to 9.7p1 are vulnerable to this exploit. Additionally, versions prior to 4.4p1 are also vulnerable unless they have been patched for specific older vulnerabilities (CVE-2006-5051 and CVE-2008-4109).
What should you do?
- Patch immediately: Apply the latest security updates for OpenSSH as soon as possible. You can find these updates from your operating system vendor. The recommended version is 9.8p1 or later.
- Limit SSH access: Use firewalls and other network controls to restrict access to your SSH server. This will help to make it more difficult for attackers to exploit this vulnerability.
- Segment your network: Segment your network to limit the access that attackers can gain if they are able to exploit this vulnerability.
We recommend that you take steps to patch your systems as soon as possible to mitigate the risk of this vulnerability.
Safeguard your organization. Learn more about CloudJacket at https://www.secnap.com/cloudjacket/. Contact us today for a free consultation 954-350-0712.
