openssh-cve

2024-07-01 279 words One minute

Contents

CVE

OpenSSH CVE-2024-6387

该漏洞是 OpenSSH 服务器（sshd）中的信号处理程序争用条件，允许在基于 glibc 的 Linux 系统上以 root 身份执行未经身份验证的远程代码执行（RCE）;这带来了重大的安全风险。此争用条件会影响 sshd 的默认配置。

https://avd.aliyun.com/detail?id=AVD-2024-6387

缓解措施

# /etc/ssh/sshd_config
LoginGraceTime 0

systemctl restart sshd

8.5p1 <= OpenSSH < 9.8p1

ubuntu 22.04
ubuntu 24.04
debian 12 bookworm

ubuntu：https://ubuntu.com/security/CVE-2024-6387

jammy 22.04 fixed version: 1:8.9p1-3ubuntu0.10
noble 24.04 fixed version: 1:9.6p1-3ubuntu13.3

apt --only-upgrade install  openssh-client openssh-server

debian：https://security-tracker.debian.org/tracker/CVE-2024-6387
```
bookworm （12） fixed version: 1:9.2p1-2+deb12u3
```

almalinux: https://almalinux.org/blog/2024-07-01-almalinux-9-cve-2024-6387/

9  fixed version: openssh-8.7p1-38.el9.alma.2

dnf --refresh upgrade openssh

RHEL: https://access.redhat.com/security/cve/CVE-2024-6387
```
使用缓解措施
```
Rocky: https://forums.rockylinux.org/t/openssh-vulnerability-cve-2024-6387/14883/2
```
yum  install rocky-release-security

yum update openssh openssh-server
```