The issue is related to CVE-2006-5051, a bug that was patched in 2006 but resurfaced in OpenSSH 8.5p1 in October 2020. The vulnerability affects glibc-based Linux systems using the default OpenSSH configuration. Interestingly, exploitation does not require user intervention, which the researchers write poses a significant threat.
Vulnerable versions include OpenSSH versions up to 8.5p1 and 9.8p1. Versions prior to 4.4p1 are also affected if CVE-2006-5051 and CVE-2008-4109 are not patched. Qualys Threat Research has identified over 14 million potentially vulnerable servers, approximately 700,000 of which are at severe risk.
The OpenSSH 9.8/9.8p1 update is now available, but not all Linux distributions have adopted it yet.
Source: Ferra
