InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
The Qualys Threat Research Unit (TRU) has discovered a vulnerability in OpenSSH’s server (also known as sshd) on glibc-based Linux systems that allows unauthenticated remote code execution (RCE). The vulnerability has been assigned to CVE-2024-6387.
This vulnerability is based on CVE-2006-5051, an earlier vulnerability reported in 2006. It was patched, but reappeared in 2020.
OpenBSD systems are not affected by this bug because OpenBSD developed a secure mechanism in 2001 to prevent this vulnerability.
Exploitation of the vulnerability could lead to a complete compromise of the system. Attackers could execute arbitrary code with the highest privileges, spread through the network and steal data. Obtaining the highest privileges could allow attackers to bypass critical security mechanisms.
From the FAQ: Users have two update options: upgrade to the latest version released on Monday 1 July (9.8p1), or apply a fix to older versions as described in the advisory. Most vendors will take the second approach.
InfoGuard strongly recommends that you check the version of the SSH server(s) you are running and upgrade as soon as possible. If an upgrade is not possible, check the mitigations described below. No public exploit code is currently available, but this could change in the next few days.
InfoGuard’s eVUMA service enables you to see your company from the attacker’s perspective. This involves daily scans of your perimeter infrastructure by our security experts from our ISO/IEC 27001-certified Cyber Defence Center (CDC) in Baar.
As part of this service, we take full responsibility for the first steps of the vulnerability management process – from daily scanning to reporting. As soon as a critical vulnerability emerges that is exposed to the Internet, we handle the risk assessment of the vulnerability and proactively contact you. Our experts are then available as need be to advise you so that you can rectify the weak point quickly and effectively.
The benefit to you is a significant reduction in the response and information time should any new high or critical vulnerabilities emerge in your exposed infrastructure. This enables the system managers or CISOs to respond to the threat as quickly as possible without having to monitor the external infrastructure themselves 24/7.
Interested? Contact us today for a tailored consultation. We are here for you!