{"id":4310,"date":"2024-07-02T19:04:38","date_gmt":"2024-07-03T00:04:38","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80912"},"modified":"2024-07-02T19:04:38","modified_gmt":"2024-07-03T00:04:38","slug":"researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/02\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability\/","title":{"rendered":"Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability | CyberScoop<\/title> <meta name=\"description\" content=\"The OpenSSH bug represents the latest high-profile vulnerability to affect the open-source software ecosystem.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/openssh-vulnerability-linux-regresshion\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability\"> <meta property=\"og:description\" content=\"The OpenSSH bug represents the latest high-profile vulnerability to affect the open-source software ecosystem.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/openssh-vulnerability-linux-regresshion\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-07-03T00:04:38+00:00\"> <meta property=\"article:modified_time\" content=\"2024-07-03T00:04:39+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1281\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1719250562g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1719935282g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1719925052g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80912\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 
6.5.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80912\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopenssh-vulnerability-linux-regresshion%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopenssh-vulnerability-linux-regresshion%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80912 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/openssh-vulnerability-linux-regresshion\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" 
width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"23.912109375\">\n<div class=\"single-article__header-content\" readability=\"29.283783783784\">\n<p> The OpenSSH bug represents the latest high-profile vulnerability to affect the open-source software ecosystem. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=1536,1025 1536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> A bridge at night. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"35.498505840804\"><body readability=\"71.664502803187\"><\/p>\n<p>It\u2019s not often that an OpenSSH vulnerability is discovered, so when researchers at the cybersecurity firm Qualys revealed a flaw in the widely used secure communications protocol, it set the security community buzzing.<\/p>\n<p>The vulnerability in the OpenSSH networking tool affects nearly 14 million vulnerable instances, according to Qualys, and experts are scrambling to patch the bug before it is exploited. Dubbed <a href=\"https:\/\/blog.qualys.com\/vulnerabilities-threat-research\/2024\/07\/01\/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server\">regreSSHion<\/a>, the vulnerability is severe and can be used to gain full access to affected systems and to bypass firewalls. 
The bug takes advantage of a timing issue that was fixed nearly a decade ago but was re-introduced in 2020, a phenomenon known as \u201cregression\u201d that inspired the bug\u2019s name.<\/p>\n<p>But experts are cautioning that the bug \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-6387\">CVE-2024-6387<\/a> \u2014 is difficult to exploit even under the best conditions, and most modern systems have defenses against this type of attack.<\/p>\n<p>Omkar Arasaratnam, general manager of the Open Source Security Foundation, said the researchers had to use specific laboratory conditions to ensure a successful intrusion.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cQualys came up with situations through which they were able to take a thing that may take weeks to a thing that could take hours, but it still relied upon an intentionally fragile environment for it to execute,\u201d Arasaratnam said, noting that finding a bug in a program thought by many to be \u201crock solid\u201d is impressive work.<\/p>\n<p>OpenSSH <a href=\"https:\/\/www.openssh.com\/txt\/release-9.8\">noted<\/a> that it took them eight hours of continuous connection before they were able to replicate a successful attack.<\/p>\n<p>Jake Williams, former National Security Agency hacker and the vice president of research and development at Hunter Strategy, said in an email that the severity of the bug should not be overstated, cautioning that the \u201cInternet is NOT on fire.\u201d<\/p>\n<p>\u201cThis disclosure also provides another opportunity to talk about the importance of zero trust. 
Most organizations don\u2019t need SSH open to the whole Internet,\u201d Sullivan said.<\/p>\n<p>Qualys is not releasing a proof of concept for the vulnerability and so far no successful exploits have been released in the wild, giving defenders time to mitigate the bug.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Still, the discovery of a vulnerability in a ubiquitous piece of open-source software raises concerns that it will linger unpatched on significant numbers of systems. Vulnerable versions of the software Log4j are still <a href=\"https:\/\/cyberscoop.com\/north-korea-lazarus-log4j-log4shell\/\">prevalent in the wild<\/a> and exploited by state-backed hackers, even though the Log4Shell exploit was revealed years ago.<\/p>\n<p>RegreSSHion only appears to impact Linux systems that are 32 bit, which are typically older computer systems that \u2014 in this case \u2014 lack a modern security technique that appears to block the bug, dramatically decreasing the number of affected systems.<\/p>\n<p>Arasaratnam noted that the bug would be avoided by using memory-safe languages, the transition to which is a <a href=\"https:\/\/cyberscoop.com\/memory-safety-vulnerability-national-cyber-director\/\">key priority<\/a> of the Biden administration to better secure the open-source ecosystem on which the world\u2019s digital systems rely.<\/p>\n<p>A string of high-profile vulnerabilities affecting open-source software and malicious efforts to manipulate the maintenance of open-source tools has led to concerns about the security of open-source software. 
Both financially motivated criminals and state-backed hackers have been targeting open-source code and developers in an effort to infect their victims further down the supply chain ecosystem.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.7319587628866\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/researchers-uncover-rare-difficult-to-exploit-openssh-vulnerability-1.jpg?w=640&#038;ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&amp;E News at POLITICO covering cybersecurity in the energy sector. Reach out:&nbsp; christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- 
.popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/openssh-vulnerability-linux-regresshion\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability | CyberScoop Skip 
to<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1073,2280,256,310,288,2281],"tags":[1076,2282,262,311,294,2283],"class_list":["post-4310","post","type-post","status-publish","format-standard","hentry","category-open-source","category-openssh","category-research","category-technology","category-threats","category-vulnerability","tag-open-source","tag-openssh","tag-research","tag-technology","tag-threats","tag-vulnerability"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/openssh\/\" rel=\"category tag\">OpenSSH<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category 
tag\">vulnerability<\/a>","tag_info":"vulnerability","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4310"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4310\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}