
What You Need to Know About OpenSSH Vulnerability and New Vulnerable Scenario

New vulnerabilities can emerge without warning, and such is the case with the latest discovery: a critical remote unauthenticated code execution vulnerability in OpenSSH Server. Stairwell provided an immediate response to our customers and uncovered a potentially overlooked scenario, but the vulnerability has nevertheless sent shockwaves through the security community.

The Increasing Reach of OpenSSH Vulnerability

On July 1, Qualys revealed a severe vulnerability in OpenSSH Server that allows remote code execution without authentication. This flaw, dubbed “regreSSHion” (CVE-2024-6387), can potentially compromise thousands of systems globally, providing attackers with an open door to sensitive data and critical infrastructure. The vulnerability is a regression of a previously patched issue (CVE-2006-5051) and can lead to full system compromise, data breaches, and persistent backdoors.

In addition to identifying vulnerable versions of OpenSSH in live environments, Stairwell’s comprehensive scanning capabilities have uncovered a novel and concerning scenario. It appears that Git for Windows includes an embedded SSH server (sshd.exe). While the original vulnerability report primarily focuses on OpenSSH servers on Linux, it is imperative to treat all identified versions of sshd as vulnerable across all operating systems until further clarification is provided.

Stairwell’s continuous analysis of customers’ preserved files has revealed a significant number of sshd instances originating from Git for Windows installations. These instances often go unnoticed, as many teams may not be aware that an SSH server is included in their Git installations. This means that vulnerable packages may exist in places that are not immediately obvious as SSH servers, posing hidden risks.
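The hidden-instance problem described above comes down to two steps: find every sshd binary on a host, including ones bundled inside other packages such as Git for Windows, and read the OpenSSH version each one carries. The following is an added example (not Stairwell's code or the Stairwell platform) of how a defender can do that offline: it walks a directory tree for files named `sshd` or `sshd.exe`, searches each binary for the `OpenSSH_X.YpZ` marker that OpenSSH compiles into sshd (the same string `sshd -V` prints), and compares the parsed version against caller-supplied ranges. The sample directory layout and the file contents are constructed; the version range in `ASSUMED_REGRESSHION_RANGES` is an assumption taken from the public advisory rather than from this page, so confirm it against the advisory before relying on it.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Iterable, Iterator, List, Optional, Tuple

Version = Tuple[int, int, int]
VersionRange = Tuple[Version, Version]  # (low inclusive, high exclusive)

# sshd embeds its version string (the text `sshd -V` prints), e.g. "OpenSSH_9.7p1".
VERSION_RE = re.compile(rb"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")
SSHD_NAMES = {"sshd", "sshd.exe"}

# ASSUMPTION: this range is what the public advisory describes for CVE-2024-6387
# (8.5p1 up to, but not including, 9.8p1). It is not stated on the page; verify it.
ASSUMED_REGRESSHION_RANGES: List[VersionRange] = [((8, 5, 1), (9, 8, 0))]


def parse_version(blob: bytes) -> Optional[Version]:
    """Return (major, minor, portable) from the first OpenSSH_ marker, or None."""
    m = VERSION_RE.search(blob)
    if m is None:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable or 0))


def in_ranges(version: Version, ranges: Iterable[VersionRange]) -> bool:
    """True when version falls inside any [low, high) range."""
    return any(low <= version < high for low, high in ranges)


def classify(blob: bytes, ranges: Iterable[VersionRange]) -> str:
    """Label a binary's contents: in-range, outside-range, or unknown (no marker)."""
    version = parse_version(blob)
    if version is None:
        return "unknown"  # no marker found: inspect manually, do not assume safe
    return "in-range" if in_ranges(version, ranges) else "outside-range"


def find_sshd(roots: Iterable[Path]) -> Iterator[Path]:
    """Yield every file named sshd / sshd.exe under the given roots."""
    for root in roots:
        for dirpath, _, filenames in os.walk(root):
            for name in filenames:
                if name.lower() in SSHD_NAMES:
                    yield Path(dirpath) / name


def scan(roots: Iterable[Path], ranges: Iterable[VersionRange]) -> List[dict]:
    """Inventory sshd binaries under roots with their version and range status."""
    findings = []
    for path in find_sshd(roots):
        blob = path.read_bytes()
        v = parse_version(blob)
        findings.append({
            "path": str(path),
            "version": None if v is None else "%d.%dp%d" % v,
            "status": classify(blob, ranges),
        })
    return findings


def demo() -> List[dict]:
    """Constructed sample tree: a Git-bundled sshd.exe and a separately patched sshd."""
    with tempfile.TemporaryDirectory() as tmp:
        git_bin = Path(tmp) / "Git" / "usr" / "bin"   # assumed Git-for-Windows-like layout
        git_bin.mkdir(parents=True)
        (git_bin / "sshd.exe").write_bytes(b"MZ\x90\x00...OpenSSH_9.7p1\x00")
        sbin = Path(tmp) / "usr" / "sbin"
        sbin.mkdir(parents=True)
        (sbin / "sshd").write_bytes(b"\x7fELF...OpenSSH_9.8p1\x00")
        (sbin / "not-sshd").write_bytes(b"OpenSSH_9.7p1")  # wrong name: must be skipped
        return sorted(scan([Path(tmp)], ASSUMED_REGRESSHION_RANGES),
                      key=lambda f: f["path"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To run this against a real host, replace the constructed tree in `demo()` with the filesystem roots you want inventoried; a file that reports `unknown` has no version marker and deserves a manual look rather than being treated as safe. Matching on the filename alone is deliberately simple: a renamed or repackaged sshd would need a content-based check (for example, searching every executable for the `OpenSSH_` marker) rather than a name match.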

Uncovering New Vulnerable Scenario

Stairwell’s comprehensive data lake of executable files and related artifacts enabled us to quickly identify all instances of vulnerable OpenSSH versions across an enterprise’s entire infrastructure – the same infrastructure and processes utilized by Stairwell’s customers to detect the latest malware and cyber attacks. Our platform’s ability to preserve all files and continuously reevaluate them in light of new threat intelligence allows us to respond to vulnerabilities like regreSSHion with unprecedented speed and accuracy.

The recent OpenSSH vulnerability is a prime example of how Stairwell’s innovative approach provides tangible benefits. While many organizations scramble to identify and patch affected systems, Stairwell customers can rest assured knowing that their infrastructure has been thoroughly scanned and any vulnerable versions of OpenSSH, including hidden instances from Git for Windows, have been promptly identified.

Stairwell’s innovative approach:

  1. Stairwell stores every executable file and related artifacts within an enterprise, creating a detailed and searchable inventory.
  2. We constantly rescan stored files against the latest threat intelligence, ensuring that any newly discovered malware and vulnerabilities are immediately flagged.
  3. Our platform delivers real-time insights into the status of all files, providing an instant overview of which systems are affected.
  4. Designed to handle massive volumes of data quickly, the Stairwell platform makes it possible to assess the security posture of an entire organization almost instantaneously.

Next Steps

Stairwell’s ability to retain and continuously analyze all files within an enterprise sets a new standard in cybersecurity. Our rapid response to the OpenSSH vulnerability demonstrates the real-world value of our approach, ensuring that our customers are always protected, even in the face of the most pressing vulnerabilities.

For more information on OpenSSH vulnerabilities or Stairwell’s threat detection and incident response platform, contact us today.
