[Vulnerability] CVE-2024-6387 – Critical vulnerability in OpenSSH

Posted on By nim No Comments on [Vulnerability] CVE-2024-6387 – Critical vulnerability in OpenSSH

CVE-2024-6387 is a critical vulnerability in OpenSSH that allows unauthenticated remote code execution, affecting millions of Linux systems. The flaw, named “regreSSHion,” is particularly dangerous because it can be exploited without authentication, making it a significant threat to affected systems.
Affected Versions: 8.5p1 to 9.7p1.

Stop and Remove Existing OpenSSH Service

sudo systemctl stop sshd
sudo apt-get remove openssh-server openssh-client

Install OpenSSH 9.8

wget https://repo.jing.rocks/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar zxvf openssh-9.8.tar.gz
cd openssh-9.8
./configure

Maybe you encounter failure with ./configure

you need to run

sudo apt-get update
sudo apt install build-essential

if your Linux misses zlib.h

sudo apt-get install zlib1g-dev

It’s not working libcrypto

sudo apt-get install libssl-dev

Continue run ./configure

./configure
sudo apt install make
make
sudo make install

Set Up and Start the New SSH Service

sudo nano /etc/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
After=network.target

[Service]
ExecStart=/usr/local/sbin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl start sshd
sudo systemctl enable sshd

You can encounter errors with sudo systemctl start sshd

Please run:

sudo systemctl unmask ssh.service

Verify Installation

ssh -V
sudo systemctl status sshd

refer to: https://www.statpan.com/2024/07/how-to-update-openssh-to-98p1.html

Cuối cùng bạn có thể dùng nmap để test lại vulnerability:

root@LP11-D7891:~# sudo nmap -sV --script=vuln ec2-xx-xx-xx-xx.us-west-2.compute.amazonaws.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-06 01:45 +07
Nmap scan report for ec2-34-219-62-135.us-west-2.compute.amazonaws.com (34.219.62.135)
Host is up (0.22s latency).
Not shown: 997 closed ports
PORT    STATE    SERVICE VERSION
22/tcp  open     ssh     OpenSSH 9.8 (protocol 2.0)
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| vulners:
|   cpe:/a:openbsd:openssh:9.8:
|       PACKETSTORM:179290      8.1     https://vulners.com/packetstorm/PACKETSTORM:179290      *EXPLOIT*
|       FB2E9ED1-43D7-585C-A197-0D6628B20134    8.1     https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134  *EXPLOIT*
|       FA3992CE-9C4C-5350-8134-177126E0BD3F    8.1     https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F  *EXPLOIT*
DevSecOps

More Related Articles

[OPA Conftest] general-purpose policy engine DevSecOps
[Security] How to access S3 when you stay at any EC2! DevSecOps
[DevSecOps] What is DevSecOps DevSecOps
[DevSecOps] K8s Runtime Attack Scenarios Introduction DevSecOps
[DefectDojo] Vulnerability Management and Remediation by DefectDojo DevSecOps
How do companies ship code to production? Coding

Leave a Reply

Your email address will not be published. Required fields are marked *