This New SSH Exploit Gets You Root Access In Linux Systems!

Captions
Are you confident your Linux systems are secure? Think again. A critical vulnerability in OpenSSH has just been uncovered, allowing hackers to gain root access to millions of systems worldwide. If you're using SSH for remote access or management, your entire network could be at risk. This is a game-changing exploit that's sending shock waves through the cyber security community. In today's video we uncover a shocking new SSH exploit that's put Linux systems at risk. Let's find out how this vulnerability works and its potential impact, so make sure to stick around until the end.

OpenSSH maintainers have recently released security updates to address a severe vulnerability that could result in unauthenticated remote code execution with root privileges on glibc-based Linux systems. It's a full-blown security crisis that's putting millions of systems at risk. This vulnerability has been given the rather ominous code name regreSSHion and has been assigned the CVE identifier CVE-2024-6387.

Now you might be wondering what exactly is affected. Well, the vulnerability resides in the OpenSSH server component, also known as sshd. For those who might not be familiar with it, sshd is the part of OpenSSH that listens for connections from client applications. In other words, it's the gatekeeper of your system when it comes to SSH connections. Bharat Jogi, the senior director of the threat research unit at Qualys, a prominent cyber security firm, has described this vulnerability as "a signal handler race condition in OpenSSH server". That might sound like a mouthful of technical jargon, but what it essentially means is that there is a flaw in how the SSH server handles certain operations, creating a window of opportunity for attackers to exploit. This vulnerability is particularly concerning because it affects sshd in its default configuration. This means that you could still be vulnerable even if you haven't made any custom changes to your SSH setup. It's a sobering reminder that sometimes even the out-of-the-box settings we assume to be secure can harbor hidden dangers.

The cyber security researchers of Qualys have identified no less than 14 million potentially vulnerable OpenSSH server instances exposed to the internet. That's not just a few isolated systems; it's a vast attack surface that could potentially be exploited by malicious actors. But here's where things get even more interesting and concerning: this vulnerability isn't entirely new. In fact, it's a regression of an already patched 18-year-old flaw tracked as CVE-2006-5051. For those keeping score, that's a vulnerability from 2006 that was supposedly fixed, only to rear its ugly head again in October 2020 with the release of OpenSSH version 8.5p1. This regression shows that even when vulnerabilities are patched, there is always the risk that future updates or changes could inadvertently reintroduce old problems.

According to OpenSSH's own advisory, successful exploitation has been demonstrated on 32-bit Linux glibc systems with address space layout randomization. They go on to state that under lab conditions the attack requires on average 6 to 8 hours of continuous connections, up to the maximum the server will accept. This might sound like a long time, and you might be tempted to think that such a lengthy exploitation process would be easily noticed. However, in the world of cyber security, determined attackers often play the long game. A patient attacker could potentially carry out this exploit over an extended period, flying under the radar of many detection systems.

Let's delve deeper into which versions of OpenSSH are affected by this vulnerability. The regreSSHion flaw impacts versions between 8.5p1 and 9.7p1, but that's not all. Versions prior to 4.4p1 are also vulnerable to this race condition bug unless they have been specifically patched for CVE-2006-5051 and CVE-2008-4109. It's a wide net that catches many systems that aren't up to date. Interestingly, OpenBSD systems are unaffected by this vulnerability because OpenBSD includes a security mechanism that effectively blocks this flaw. This highlights the importance of proactive security measures and the value of learning from different operating system approaches. But what about other popular operating systems? Well, it's likely that this security shortcoming also affects macOS and Windows; however, its exploitability on these platforms remains unconfirmed and requires more analysis. This uncertainty underscores the complexity of modern operating systems and the challenges faced by cyber security researchers in fully understanding the scope of such vulnerabilities.

Qualys, in their detailed analysis, found that if a client doesn't authenticate within 120 seconds, a setting defined by LoginGraceTime, then sshd's SIGALRM handler is called asynchronously in a manner that's not async-signal-safe. This means that there's a small window of opportunity where the system is vulnerable to attack.

The consequences of exploiting CVE-2024-6387 are severe and far-reaching. A successful exploit could lead to a full system compromise and takeover. This means that the threat actors could potentially execute arbitrary code with the highest privileges, subvert security mechanisms, steal sensitive data and even maintain persistent access to the compromised system. Imagine a scenario where an attacker gains root access to a critical server in your organization. They could potentially access confidential data, modify system configurations, install back doors for future access and use the compromised system as a launchpad to attack other systems in your network. The potential for damage is enormous, and the consequences could be catastrophic for businesses and organizations of all sizes. Bharat Jogi from Qualys put it succinctly when he said: "A flaw once fixed has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident shows the importance of thorough regression testing and preventing the reintroduction of known vulnerabilities into the environment."

Will this vulnerability be exploited on a massive scale? Cyber security firms Palo Alto Networks Unit 42 and Wiz have weighed in on this. They suggest that the vulnerability is unlikely to be subjected to widespread or opportunistic exploitation, because an attacker must know in advance what Linux distribution they are targeting to build a functional exploit. Another factor that's likely to prevent mass exploitation is the time it takes to complete an attack. As mentioned earlier, it can take as long as 8 hours and require as many as 10,000 authentication steps. Kaspersky, another major player in the cyber security field, pointed this out, although they were quick to add that it doesn't rule out the possibility of highly targeted exploitation. One cyber security expert elaborated on this point, stating: "The specific nature of the race condition and its exploitation require a significant number of attempts to achieve successful execution, with varying success rates depending on the version and environment." In other words, while the vulnerability is serious, exploiting it at scale presents significant challenges. However, and this is crucial to understand, the difficulty of exploitation doesn't mean we can ignore this vulnerability. In the world of cyber security, what's challenging today might become trivial tomorrow as new techniques and tools are developed. Moreover, high-value targets might still be at risk from determined, well-resourced attackers who are willing to put in the time and effort required for a successful exploit.

So what can you do to protect your systems from this vulnerability? The most important step is to apply the latest patches as soon as possible. OpenSSH maintainers have released security updates to address this issue, and you must implement these patches to secure your systems against potential threats. But patching isn't the only step you should take. It's also advisable to limit SSH access through network-based controls. This means implementing strict firewall rules, using virtual private networks for remote access and possibly even considering jump servers for added security. By limiting who can access your SSH servers and from where, you significantly reduce your attack surface. Another crucial step is to enforce network segmentation. This strategy involves dividing your network into smaller, isolated segments. By doing so, you restrict unauthorized access and lateral movement within your environment. Even if an attacker manages to compromise one segment, they will find it much harder to move to other parts of your network.

OpenSSH, designed to provide secure channels over unsecured networks in a client-server architecture, is widely used by enterprises for remote server management and secure data communications. It plays a critical role in maintaining the confidentiality and integrity of network communications worldwide. All the organizations and firms using OpenSSH might be worried about their security, but using the latest patches might reduce the risk to a greater extent. The complexity of this vulnerability is both good news and bad news. The good news is that it's not easy to exploit, which reduces the likelihood of widespread opportunistic attacks. The bad news is that it's still a serious vulnerability that could be exploited by determined attackers, especially against high-value targets. Qualys, the cyber security firm that discovered this flaw, identified over 14 million potentially vulnerable OpenSSH server instances exposed to the internet. The researchers have also provided technical details to assist with remediation efforts. While they have not released proof-of-concept code, to prevent malicious exploitation, they have shared indicators of compromise to help organizations detect potential attacks.

The severity of this vulnerability lies in what an attacker could potentially do if they successfully exploited it. With root access, an attacker could execute arbitrary code with the highest privileges, subvert security mechanisms, steal sensitive data, install malware, create back doors for persistent access and use the compromised system as a launchpad for further attacks. The potential for damage is enormous, especially for businesses and organizations that rely heavily on Linux systems and SSH for secure communications and remote management.

So what do you think about the re-emergence of old vulnerabilities in modern software? Have you ever experienced a security breach due to a similar issue? Let us know in the comment section, and don't forget to subscribe to the channel.
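As an added example (not code from the video, from Qualys or from the OpenSSH project), here is a Python check that classifies an `ssh -V` line or server banner against the version ranges named in the captions: 8.5p1 to 9.7p1, and anything before 4.4p1 unless patched for CVE-2006-5051 and CVE-2008-4109. The sample banners are constructed, and a hit only says "check the vendor changelog", because distributions backport fixes without bumping the upstream version.

```python
import re
from typing import NamedTuple, Optional

class OpenSSHVersion(NamedTuple):
    major: int
    minor: int
    portable: int      # the pN suffix of a portable release; 0 when absent

# Matches "OpenSSH_9.6p1" inside an `ssh -V` line or an "SSH-2.0-OpenSSH_..." banner
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_openssh_version(banner: str) -> Optional[OpenSSHVersion]:
    """Return the upstream version embedded in a banner, or None if it is not OpenSSH."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return OpenSSHVersion(int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

# Boundaries as stated in the advisory discussed above
FIRST_REGRESSED = OpenSSHVersion(8, 5, 1)    # regression introduced in 8.5p1
LAST_AFFECTED = OpenSSHVersion(9, 7, 1)      # last release in the affected range
OLD_FIX = OpenSSHVersion(4, 4, 1)            # CVE-2006-5051 was fixed in 4.4p1

def regresshion_exposure(banner: str) -> Optional[str]:
    """Classify a banner against the affected ranges; None means outside them.

    A banner with no pN suffix is OpenBSD's own OpenSSH, which the advisory
    says is unaffected. A hit is a prompt to verify the vendor's backport
    status, not proof that the host is vulnerable.
    """
    v = parse_openssh_version(banner)
    if v is None or v.portable == 0:
        return None
    if v < OLD_FIX:
        return "pre-4.4p1: vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109"
    if FIRST_REGRESSED <= v <= LAST_AFFECTED:
        return "8.5p1 to 9.7p1: in the regreSSHion range, verify vendor backport status"
    return None

# Constructed sample banners (not captured from real hosts)
SAMPLE_BANNERS = [
    "OpenSSH_9.6p1 ExampleDistro-1, OpenSSL 3.0.13 30 Jan 2024",
    "SSH-2.0-OpenSSH_9.8p1",
    "OpenSSH_8.4p1 ExampleDistro-2, OpenSSL 1.1.1w 11 Sep 2023",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-OpenSSH_9.7",          # OpenBSD native build, no portable suffix
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b!r}: {regresshion_exposure(b) or 'outside the named ranges'}")
```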
Info
Channel: Hacker Man
Views: 1,563
Keywords: cybersecurity, hacking, hacker
Id: j-_aW1-rjjA
Length: 11min 37sec (697 seconds)
Published: Thu Jul 11 2024