generated from sig_core/wiki-template
31 lines
1.2 KiB
Markdown
31 lines
1.2 KiB
Markdown
|
# CVE-2024-6387: openssh
|
||
|
|
|
||
|
|
## Title
|
||
|
|
|
||
|
|
CVE-2024-6387: regreSSHion: remote code execution (RCE) in OpenSSH server, exploitable at least on glibc-based Linux systems
|
||
|
|
|
||
|
|
## Summary
|
||
|
|
|
||
|
|
As [discovered by Qualys](https://www.openwall.com/lists/oss-security/2024/07/01/3) and
|
||
|
|
[summarized by OpenSSH upstream](https://www.openwall.com/lists/oss-security/2024/07/01/1):
|
||
|
|
|
||
|
|
A critical vulnerability in sshd(8) was present in Portable OpenSSH versions 8.5p1 [to] 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.
|
||
|
|
|
||
|
|
Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.
|
||
|
|
|
||
|
|
Public disclosure date: July 1, 2024
|
||
|
|
|
||
|
|
## EL9
|
||
|
|
|
||
|
|
- Fixed in version: `8.7p1-38.el9_4.security.0.5` available July 1, 2024
|
||
|
|
|
||
|
|
## EL8
|
||
|
|
|
||
|
|
- Unaffected
|
||
|
|
|
||
|
|
## Mitigation
|
||
|
|
|
||
|
|
Set `LoginGraceTime 0` in `/etc/ssh/sshd_config` and do a `systemctl restart sshd`.
|
||
|
|
|
||
|
|
A drawback of this mitigation is that it will make the SSH server more susceptible to denial of service attacks.
|