A vulnerability CVE-2024-6387 was discovered in OpenSSH server (sshd). This vulnerability is exploitable remotely on glibc-based linux systems: an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

At the time of publication, exploitation is believed to be difficult–requiring winning a race condition, which is hard to successfully exploit and may take several hours per machine being attacked.

Bare Metal Solution impact

Based on our investigations, we are not aware of any exploitation attempts on existing Google managed Bare Metal Solution infrastructure.

What should I do?

1. We recommend updating to the safe OpenSSH version 9.8p1 once it is released, or applying sshd patches once provided by OS vendors.
2. We also recommend disabling/removing vulnerable OpenSSH server wherever it is not required.
3. Setup firewall rules to restrict access to SSH servers from trusted network endpoints.
4. Monitor for any unusual network activity involving SSH servers.

• CVE-2024-6387