OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387) Security Risk
This vulnerability (also known as regreSSHion) is a race condition in the signal handling of the OpenSSH daemon (sshd): when a client does not authenticate within LoginGraceTime, the SIGALRM handler calls functions that are not async-signal-safe, and an unauthenticated attacker can hit that window to execute arbitrary code as root on glibc-based Linux systems. The technical details are public; the published exploit needs many connection attempts over several hours against a 32-bit target, and 64-bit systems are believed to be exploitable but were not demonstrated. Assess exposure promptly and patch. Where patching is delayed, setting `LoginGraceTime 0` in sshd_config closes the race window, at the cost of a connection-exhaustion denial of service.
Affected Versions: 8.5p1 through 9.7p1 (fixed in 9.8p1). Releases older than 4.4p1 carry the original CVE-2006-5051 bug that 8.5p1 reintroduced; 4.4p1 through 8.4p1 are not affected.
In simple terms: any attacker who can reach the sshd port of a host running an unpatched 8.5p1 through 9.7p1 can potentially gain root without credentials. Note that distributions commonly backport the fix without changing the version number, so a version in this range is an indicator to confirm against your distribution's advisory or package changelog, not proof by itself.
View Latest Package Files:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
Check Your Version (this reports the client binary; the daemon is what is affected, but a distribution package ships both from the same source version):
```sh
ssh -V
```
Update and Install Build Dependencies (Debian/Ubuntu; add libpam0g-dev if you build with PAM support):
```sh
sudo apt-get -y update
sudo apt-get install build-essential zlib1g-dev libssl-dev
```
Download the Fixed Release (the same directory carries a .asc signature for each tarball; verify it against the OpenSSH release key before building):
```sh
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
```
Unpack:
```sh
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1
```
Compile. Note that `./configure` with no options uses the /usr/local prefix, so the new ssh and sshd land in /usr/local/bin and /usr/local/sbin while the distribution's service unit keeps starting /usr/sbin/sshd. To replace the distribution daemon in place, configure with `--prefix=/usr --sysconfdir=/etc/ssh` (and `--with-pam` if your sshd_config relies on UsePAM); otherwise point the unit's ExecStart at the new binary after installing:
```sh
./configure
make
```
Install (existing sshd_config and host keys under the configured sysconfdir are left in place; missing host keys are generated):
```sh
sudo make install
```
Restart Service (the unit is `ssh` on Debian/Ubuntu and `sshd` on RHEL/Fedora; it restarts whatever binary its ExecStart names, so check `systemctl cat ssh` if you installed under /usr/local):
```sh
sudo systemctl restart ssh
```
Verify Installation. `ssh -V` only shows the client on your PATH; to confirm the daemon, connect to port 22 and read the `SSH-2.0-OpenSSH_...` identification line it sends, which must show 9.8:
```sh
ssh -V
```
If it does not show OpenSSH_9.8p1, your PATH lists /usr/bin before /usr/local/bin, or your shell has cached the old path. Put the /usr/local directories first and clear the shell's command cache:
```sh
echo 'export PATH=/usr/local/bin:/usr/local/sbin:$PATH' >> ~/.bashrc
source ~/.bashrc
hash -r   # drop the cached /usr/bin/ssh path so the new binary is found
```
Re-check Version:
```sh
ssh -V
```
Lastly, restart your system. A reboot is not strictly required once the service has been restarted, but it confirms that the daemon started at boot is the new one.
Optional Additional Checks:
```sh
which ssh
```
If the output is /usr/bin/ssh or /usr/sbin/ssh, the distribution's binary is first on your PATH; that build is only vulnerable if the distribution has not backported the fix.
```sh
ls -l /usr/bin/ssh /usr/local/bin/ssh /usr/sbin/sshd /usr/local/sbin/sshd
```
If /usr/local/bin/ssh and /usr/local/sbin/sshd exist, the source build is installed alongside the distribution package; which sshd actually serves connections is decided by the service unit's ExecStart, not by the presence of the files.
Please note that these instructions are for educational purposes only and should be performed with caution. Always ensure you have proper backups before applying any security updates.
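Because the daemon, not the client, is what CVE-2024-6387 affects, the check a practitioner wants after all of the steps above is the version the running sshd advertises. The script below is an added example and is not part of the original page or of the OpenSSH project: it parses the `SSH-2.0-OpenSSH_X.Y...` identification string (the line sshd sends on connect, and the same form `ssh -V` prints) and reports whether the version falls in the 8.5 to 9.7 window, and with CHECK_LIVE=1 it also reads the banner from the local daemon and prints the ExecStart of the systemd unit. The host 127.0.0.1, port 22, the unit name ssh.service and the sample banners are assumptions chosen for illustration; a version inside the window is an indicator to confirm against the distribution's advisory, since backported fixes do not change the version number.

```bash
#!/usr/bin/env bash
# Added example (not from the original page or OpenSSH): classify an OpenSSH
# version string against the CVE-2024-6387 affected range and, optionally,
# check the sshd that is actually running on this host.

# Constructed sample banners for the offline demo (not captured from real hosts).
SAMPLE_BANNERS='SSH-2.0-OpenSSH_9.7p1 Ubuntu-7ubuntu4
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
SSH-2.0-OpenSSH_9.8
SSH-2.0-OpenSSH_7.4
SSH-2.0-dropbear_2022.83'

# openssh_version STRING -> prints "MAJOR MINOR" for an OpenSSH banner or an
# "ssh -V" line; returns 1 if the string does not name an OpenSSH version.
openssh_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# classify STRING -> affected-range | affected-range-legacy | not-in-range | unknown
# 8.5 .. 9.7 is the range in the advisory; releases before 4.4p1 carry the
# original CVE-2006-5051 bug that 8.5p1 regressed.
classify() {
    v=$(openssh_version "$1") || { echo unknown; return 0; }
    set -- $v
    n=$(( $1 * 100 + $2 ))
    if [ "$n" -ge 805 ] && [ "$n" -le 907 ]; then
        echo affected-range
    elif [ "$n" -lt 404 ]; then
        echo affected-range-legacy
    else
        echo not-in-range
    fi
}

# fetch_banner HOST PORT -> the identification line sshd sends right after
# connect; uses bash's /dev/tcp so no nc/telnet is needed.
fetch_banner() {
    exec 3<>"/dev/tcp/$1/$2" || return 1
    IFS= read -r -t 5 banner <&3
    exec 3<&-
    printf '%s\n' "$banner" | tr -d '\r'
}

# Offline demo: classify the constructed samples.
printf '%s\n' "$SAMPLE_BANNERS" | while IFS= read -r b; do
    printf '%-45s %s\n' "$b" "$(classify "$b")"
done

# Live check, opt-in: CHECK_LIVE=1 ./check_sshd.sh
# Assumes the daemon listens on 127.0.0.1:22 and the unit is ssh.service (Debian/Ubuntu).
if [ "${CHECK_LIVE:-0}" = 1 ]; then
    client=$(ssh -V 2>&1)
    printf 'client : %s -> %s\n' "$client" "$(classify "$client")"
    if daemon=$(fetch_banner 127.0.0.1 22); then
        printf 'daemon : %s -> %s\n' "$daemon" "$(classify "$daemon")"
    else
        echo 'daemon : could not connect to 127.0.0.1:22'
    fi
    # Which binary the unit actually starts; a /usr/local build is not in use
    # unless this path points at it.
    systemctl cat ssh.service 2>/dev/null | sed -n 's/^ExecStart=/unit   : ExecStart=/p'
fi
```

The daemon line is the one that matters: if it still reports 9.7 or lower after the restart, the unit is starting the old binary and the rebuild did not change what is listening. For a remote fleet, run `fetch_banner` against each host instead of 127.0.0.1; the banner is sent before any authentication, so no credentials are needed for the check.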