Fixing OpenSSH vulnerability CVE-2024-6387 on Linux

OpenSSH recently fixed a remote code execution vulnerability (CVE-2024-6387). It is caused by a race condition in signal handling in the OpenSSH server (sshd) and allows an unauthenticated attacker to execute arbitrary code as root on Linux systems. Technical details of the vulnerability, including proof-of-concept (PoC) code, have been publicly disclosed on the Internet. Users affected by this vulnerability are advised to upgrade to the latest version as soon as possible.

Affected Versions

  • OpenSSH < 4.4p1
  • 8.5p1 <= OpenSSH < 9.8p1

Fix Target

OpenSSH >= 9.8p1
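The ranges above, turned into a check over the banner that ssh -V prints. This is an added example, not part of the original post; the function name classify_openssh is hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: classify an OpenSSH version
# banner against the ranges this post lists for CVE-2024-6387.

# classify_openssh BANNER -> prints affected | not-affected | unknown
# Only major.minor is compared: the boundaries (4.4p1, 8.5p1, 9.8p1) are
# the first portable release of their series, so the pN suffix never decides.
classify_openssh() {
    v=${1#*OpenSSH_}                     # text after "OpenSSH_"
    [ "$v" != "$1" ] || { echo unknown; return 0; }
    v=${v%%[!0-9.p]*}                    # keep e.g. "8.7p1", drop distro suffix
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}
    # Reject empty or non-numeric components before doing arithmetic.
    case "$major:$minor" in *[!0-9:]*|:*|*:) echo unknown; return 0 ;; esac
    n=$((major * 100 + minor))
    if [ "$n" -lt 404 ] || { [ "$n" -ge 805 ] && [ "$n" -lt 908 ]; }; then
        echo affected                    # < 4.4p1, or 8.5p1 <= v < 9.8p1
    else
        echo not-affected
    fi
}

# Constructed sample banners in the format printed by `ssh -V`.
for banner in \
    "OpenSSH_4.3p2, OpenSSL 0.9.8e" \
    "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" \
    "OpenSSH_8.7p1, OpenSSL 3.0.7" \
    "OpenSSH_9.8p1, OpenSSL 3.0.13"
do
    printf '%-40s %s\n' "$banner" "$(classify_openssh "$banner")"
done

# Local client binary, if present (ssh -V writes its banner to stderr).
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1 || true)
    printf 'local: %s -> %s\n' "$local_banner" "$(classify_openssh "$local_banner")"
fi
```

Distribution packages can carry a backported fix under an unchanged upstream version number, so treat "affected" as a prompt to check the vendor advisory for that package build.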

Fix Process

Check the OpenSSH Release Notes and choose 9.8p1.

Check the currently installed package version. If the dnf command is not available, replace dnf with yum:

dnf list installed openssh

Check the version reported by the ssh binary currently in use:

ssh -V

Check which versions the package manager offers:

dnf list available openssh

If the package manager does not offer OpenSSH >= 9.8p1, download the source from OpenSSH and install it:

wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz

Unpack the archive and enter the source directory:

tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1

Check where the current binaries are installed:

which sshd && which ssh

Here the location is /usr/bin/ssh.

Adjust the --prefix parameter in the following command to match the installation location:

sudo ./configure --prefix=/usr

Then build and install:

make
sudo make install

Check that the binaries were updated:

ls -l /usr/bin/ssh

ls -l /usr/sbin/sshd

Check the version again:

ssh -V

Update completed.

If you are connected to the Linux machine over SSH, do not disconnect the current session. Open a new terminal and connect to the machine once. If that connection succeeds, you can disconnect. If it fails, troubleshoot further.
