CVE-2024-6387 is a critical vulnerability in OpenSSH that allows unauthenticated remote code execution, affecting millions of Linux systems. The flaw, named “regreSSHion,” is particularly dangerous because it can be exploited without authentication, making it a significant threat to affected systems.
Affected Versions: 8.5p1 to 9.7p1.
Stop and Remove Existing OpenSSH Service
sudo systemctl stop sshd
sudo apt-get remove openssh-server openssh-client
Install OpenSSH 9.8
wget https://repo.jing.rocks/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxvf openssh-9.8p1.tar.gz
cd openssh-9.8p1
./configure
If ./configure fails, install the build tools first:
sudo apt-get update
sudo apt install build-essential
If zlib.h is missing:
sudo apt-get install zlib1g-dev
If libcrypto is not found:
sudo apt-get install libssl-dev
Then run ./configure again and build:
./configure
sudo apt install make
make
sudo make install
Set Up and Start the New SSH Service
sudo nano /etc/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
After=network.target

[Service]
ExecStart=/usr/local/sbin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl start sshd
sudo systemctl enable sshd
If sudo systemctl start sshd fails, run:
sudo systemctl unmask ssh.service
Verify Installation
ssh -V
sudo systemctl status sshd
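As an added example (not from the original post), the shell functions below classify a version string, such as the ssh -V output or a scanner's service banner, against the affected range given above (8.5p1 to 9.7p1). The function names, the sample strings and the binary paths in the usage comment are assumptions of this example, and only MAJOR.MINOR is compared.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version string against the range this
# page lists for CVE-2024-6387 (8.5p1 to 9.7p1). Only upstream version
# numbers are compared; a distro package can carry a backported fix under
# an unchanged number, so "in-range" means "check the package changelog".

# version_status TEXT -> prints "in-range", "outside-range" or "unknown"
version_status() {
    # Pull "MAJOR MINOR" out of text such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13"
    # or "SSH-2.0-OpenSSH_9.8"; the first matching line wins.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH[_ ]\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver% *}
    minor=${ver#* }
    # The pN suffix is ignored; comparing on MAJOR.MINOR alone is an
    # assumption of this example.
    n=$((major * 100 + minor))
    if [ "$n" -ge 805 ] && [ "$n" -le 907 ]; then
        echo in-range
    else
        echo outside-range
    fi
}

# check_binaries PATH... -> one "path<TAB>status" line per existing binary,
# so a leftover packaged copy is not mistaken for the new /usr/local build.
check_binaries() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        out=$("$bin" -V 2>&1) || true
        printf '%s\t%s\n' "$bin" "$(version_status "$out")"
    done
}

# Constructed sample strings (not captured from a real host).
for sample in "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2" \
              "OpenSSH_9.8p1, OpenSSL 3.0.2" \
              "OpenSSH 9.8 (protocol 2.0)"; do
    printf '%s -> %s\n' "$sample" "$(version_status "$sample")"
done

# Optional: pass binary paths as arguments, for example
#   sh check.sh /usr/local/sbin/sshd /usr/sbin/sshd /usr/local/bin/ssh
[ "$#" -eq 0 ] || check_binaries "$@"
```

Checking both the /usr/local and the packaged paths shows whether an older binary is still present alongside the new build.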
Reference: https://www.statpan.com/2024/07/how-to-update-openssh-to-98p1.html
Finally, you can use nmap to test for the vulnerability again:
root@LP11-D7891:~# sudo nmap -sV --script=vuln ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-06 01:45 +07
Nmap scan report for ec2-34-219-62-135.us-west-2.compute.amazonaws.com (34.219.62.135)
Host is up (0.22s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.8 (protocol 2.0)
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| vulners:
|   cpe:/a:openbsd:openssh:9.8:
|     PACKETSTORM:179290 8.1 https://vulners.com/packetstorm/PACKETSTORM:179290 *EXPLOIT*
|     FB2E9ED1-43D7-585C-A197-0D6628B20134 8.1 https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134 *EXPLOIT*
|     FA3992CE-9C4C-5350-8134-177126E0BD3F 8.1 https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F *EXPLOIT*