关联漏洞
标题:
OpenSSH 安全漏洞
(CVE-2024-6387)
描述:OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞,该漏洞源于信号处理程序中存在竞争条件,攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。
描述
Mitigation Guide for CVE-2024-6387 in OpenSSH
介绍
## Document Title - Mitigation Guide for CVE-2024-6387 in OpenSSH
### Introduction
This document outlines the steps for mitigating CVE-2024-6387, a security vulnerability affecting OpenSSH versions from 8.5p1 to 9.8p1. The vulnerability can be mitigated in two ways:
1. Adjusting the `LoginGraceTime` setting in the SSH configuration to reduce the window of opportunity for an attack.
2. Upgrading to a version of OpenSSH that is patched against CVE-2024-6387 (if such a version is available and compatible with your systems).
### Mitigation Option 1 - Configuring `LoginGraceTime`
The `LoginGraceTime` parameter specifies the time limit for SSH clients to authenticate successfully. Setting this parameter to 0 can effectively reduce the vulnerability window by requiring immediate authentication upon connection.
#### Steps to Adjust `LoginGraceTime`
1. **Open the SSH Configuration File**
As the root user, open the `/etc/ssh/sshd_config` file using a text editor. For example:
```bash
vim /etc/ssh/sshd_config
```
2. **Modify the `LoginGraceTime` Parameter**
Locate the `LoginGraceTime` parameter. If it exists, modify it to:
```plaintext
LoginGraceTime 0
```
If the parameter does not exist, add it to the file with the same setting.
3. **Save and Close the File**
After making the changes, save the file and exit the text editor.
4. **Restart the SSH Service**
Apply the changes by restarting the SSH daemon:
```bash
systemctl restart sshd.service
```
5. **Verify the Configuration (Optional)**
Ensure that the configuration has been applied correctly:
```bash
sshd -T | grep logingracetime
```
This command should output `logingracetime 0`, confirming that the setting is applied.
### Mitigation Option 2 - Upgrading OpenSSH
If an upgrade path is available that patches CVE-2024-6387, it is recommended to update OpenSSH to this version. Follow these general steps to upgrade OpenSSH:
1. **Check Current Version**
Verify the current version of OpenSSH installed on your system:
```bash
ssh -V
```
2. **Search for Available Versions**
Check if a patched version is available in your distribution's repository:
```bash
apt list -a openssh-server
```
3. **Upgrade OpenSSH**
If a secure version is available, upgrade using the package manager:
```bash
sudo apt update
sudo apt upgrade openssh-server
```
4. **Restart the SSH Service**
Restart the SSH daemon to apply the upgrade:
```bash
systemctl restart sshd.service
```
5. **Verify the Upgrade**
Check the version again to ensure the upgrade was successful:
```bash
ssh -V
```
---
[Proof of Concept for CVE-2024-6387](https://github.com/acrono/cve-2024-6387-poc/)
文件快照
[4.0K] /data/pocs/3bfe10d36aeb9bb8cf29b7625080509cd67871dd
├── [4.0K] CVE-2024-6387_Check.py
└── [2.7K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。