OpenSSH Flaw Gave Full Root Access for 15 Years
▼ Summary
– A code reuse issue allowed comma characters in certificate principals to be interpreted as list separators.
– An OpenSSH flaw that could enable full root shell access remained undetected for 15 years.
– The vulnerability was disclosed in a SecurityWeek article titled “OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years.”
A long-standing vulnerability in OpenSSH has finally been uncovered, one that granted attackers full root shell access for a staggering 15 years. The flaw originated from a code reuse problem where comma characters embedded within certificate principals were mistakenly processed as list separators.
This critical bug allowed an adversary to bypass standard authentication mechanisms and escalate privileges to the highest level. By exploiting the way OpenSSH handled certificate fields, an attacker could inject commands or manipulate the principal list to gain unauthorized, unrestricted control over a system.
The discovery highlights how even subtle coding errors can persist for over a decade, remaining undetected in one of the most widely used secure communication tools. The vulnerability effectively turned a trusted SSH certificate into a potential backdoor, compromising the core security of any server relying on standard OpenSSH configurations.
Administrators are urged to apply the latest patches immediately to close this longstanding gap. The fix corrects how certificate principal data is parsed, ensuring commas are treated as literal characters rather than delimiters, thereby restoring the integrity of access controls.
(Source: Securityweek.com)
