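PoC details: 7eca34f9aed1d3ef765ec2a6c03a8dc46416457c

Source
Related vulnerability
Title: OpenSSH security vulnerability (CVE-2024-6387)
Description: OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools from the Canadian OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic, effectively preventing eavesdropping, connection hijacking and other network-level attacks. OpenSSH contains a security vulnerability caused by a race condition in a signal handler; an attacker can exploit it to execute arbitrary code remotely without authentication and take control of the system.
Description
Vulnerability remediation and mitigation for CVE-2024-6387
Introduction
# CVE-2024-6387-how-to-fix
Vulnerability remediation and mitigation for CVE-2024-6387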

# CVE-2024-6387: Critical RCE Vulnerability in OpenSSH ('regreSSHion')
* [My LinkedIn article](https://www.linkedin.com/posts/juan-mathews-rebello-santos-_github-azurejogacve-2024-6387-how-to-fix-activity-7215108434994577410-C1Id?utm_source=share&utm_medium=member_desktop)

* [CVE Details](https://www.cvedetails.com/cve/CVE-2024-6387/)

## Description
Qualys Threat Research Unit (TRU) has detailed a severe security flaw named 'regreSSHion' that leaves millions of Linux systems vulnerable to remote code execution (RCE). Identified as CVE-2024-6387 and discovered in May 2024, this vulnerability affects the OpenSSH server (sshd) on glibc-based Linux systems, allowing unauthenticated attackers to gain root access and take full control of affected machines.

“This bug marks the first vulnerability in OpenSSH in almost two decades — an unauthenticated RCE that grants root access. It affects the default configuration and requires no user interaction, posing a significant risk of exploitation,” notes the Qualys research group.

Qualys has also published a more technical article that delves into the exploitation process and possible mitigation strategies.

## Affected Versions
The regreSSHion flaw affects OpenSSH servers on Linux from version 8.5p1 up to, but not including, 9.8p1. Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable to CVE-2024-6387 due to a patch for CVE-2006-5051, which secured a previously unsafe function. Versions prior to 4.4p1 are vulnerable to this regression unless patched for CVE-2006-5051 and CVE-2008-4109.

There is already a proof-of-concept (PoC) available for this vulnerability, and it is possible to search for vulnerable servers on the internet.

## Fixing the Vulnerability

CVE-2024-6387 affects earlier versions of OpenSSH and is fixed by updating to the latest version (9.8p1 in the commands below). This tutorial walks through downloading, compiling, and installing that release from source so that your installation is no longer exposed to this vulnerability.

### Step 1: Download and Prepare for Compilation

First, we will download and prepare the compilation of the latest OpenSSH version.

#### Install Compilation Dependencies

Run the following commands to update your system and install the necessary dependencies:
```sh
apt update
apt install build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev wget -y
```

#### Download the Latest Version of OpenSSH

Navigate to the `/usr/local/src` directory and download the latest OpenSSH package:
```sh
cd /usr/local/src
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1
```

### Step 2: Compile and Install

Now, we will compile and install OpenSSH:
```sh
./configure
make
make install
```

### Step 3: Verify the Updated Version

After installation, verify the OpenSSH version to ensure the update was successful:
```sh
/usr/local/bin/ssh -V
```

### Step 4: Update the PATH

Ensure the new OpenSSH is in the correct PATH.

Add `/usr/local/bin` to the PATH:
```sh
export PATH=/usr/local/bin:$PATH
```

Add this line to your profile file (`~/.bashrc` or `~/.profile`) to make it permanent:
```sh
echo 'export PATH=/usr/local/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
```

### Step 5: Check the SSH Service

Restart the SSH service to ensure it is using the new version. Be very careful not to disrupt your current SSH connection:
```sh
systemctl restart ssh
```
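
To confirm that the running service, not just the `ssh` client checked in Step 3, is outside the range given under Affected Versions, the following script (an added example, not part of the original README) reads the binary behind the listening `sshd` process and classifies its upstream version. It assumes Linux `/proc`, `pgrep` from procps and root privileges; the function names are illustrative, and a distribution package with a backported fix keeps its old version number, so it is still reported as affected.

```sh
#!/bin/sh
# Added example (not from the original README). Function names are illustrative.

# classify_openssh "<banner>": compare the upstream major.minor in a banner
# such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13" with the Affected Versions ranges.
# Prints: affected | not-affected | affected-unless-patched | unknown
classify_openssh() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    set -- $ver                      # $1 = major, $2 = minor
    n=$(( $1 * 100 + $2 ))           # 8.5 -> 805, 9.8 -> 908
    if   [ "$n" -lt 404 ]; then echo affected-unless-patched  # before 4.4p1
    elif [ "$n" -lt 805 ]; then echo not-affected             # 4.4p1 to <8.5p1
    elif [ "$n" -lt 908 ]; then echo affected                 # 8.5p1 to <9.8p1
    else                        echo not-affected             # 9.8p1 and later
    fi
}

# running_sshd_banner: print "<path>: <banner>" for the binary behind the
# oldest running sshd process (the listener).
# Assumes Linux /proc, pgrep (procps) and permission to read /proc/<pid>/exe.
running_sshd_banner() {
    pid=$(pgrep -o -x sshd) || return 1
    bin=$(readlink "/proc/$pid/exe") || return 1
    case $bin in
        *' (deleted)')   # file replaced on disk, old code still in memory
            echo "$bin: restart pending"; return 0 ;;
    esac
    # Older releases lack -V but still print the banner in their usage text.
    echo "$bin: $("$bin" -V 2>&1 | grep -m1 'OpenSSH_')"
}

# Inspect this host only when invoked as: sh check_sshd.sh check
if [ "${1:-}" = check ]; then
    banner=$(running_sshd_banner) || { echo "no running sshd found"; exit 1; }
    echo "$banner -> $(classify_openssh "$banner")"
fi
```

With a default `./configure`, `make install` places the new server at `/usr/local/sbin/sshd`, so a banner reported from `/usr/sbin/sshd` means the service unit is still starting the distribution's binary.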

## Conclusion

By following these steps, you have secured your OpenSSH installation against the critical CVE-2024-6387 vulnerability. Stay vigilant and ensure your systems are always up-to-date with the latest security patches.

## Credits and Sources

1. [Patch Tutorial](https://dolutech.com/tutorial-de-correcao-da-cve-2024-6387-no-openssh/)
2. [Qualys](https://www.qualys.com/regresshion-cve-2024-6387/)
3. [Ubuntu Blog](https://ubuntu.com/blog/ubuntu-regresshion-security-fix)

File snapshot
 [4.0K]  /data/pocs/7eca34f9aed1d3ef765ec2a6c03a8dc46416457c
├── [1.1K]  LICENSE
└── [4.0K]  README.md

0 directories, 2 files