Upgrade OpenSSH as soon as possible

I saw a post on Qi An Xin's WeChat official account: a high-severity vulnerability has come out in OpenSSH.

Has someone already published an attack implementation?
https://github.com/7etsuo/cve-2024-6387-poc

Command to check the version

sshd -v
19 Likes

Scary. Wait, how did such a serious vulnerability come out? I'd better go back and update OpenSSH on my little VPS right away.

2 Likes

That was fast, though the success rate seems rather low.

1 Like

It looks like Ubuntu's package repositories haven't been updated yet, so just compile and install it yourself.

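# Install build dependencies
sudo apt-get update
sudo apt-get install -y build-essential zlib1g-dev libssl-dev

# Download the source for the specified version
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz

# Extract and enter the directory
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1

# Build and install
# (with no --prefix, configure installs under /usr/local, e.g. /usr/local/sbin/sshd)
./configure
make
sudo make install

# Restart and check the installation
# (the ssh service keeps running the distribution's /usr/sbin/sshd unless its unit
#  points at the new binary; ssh -V reports the client version, not the daemon's)
sudo systemctl restart ssh
ssh -V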
19 Likes

linux.do has really gotten popular :dog:

6 Likes

Awesome

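You restricted it to Simplified Chinese; on Google in Simplified Chinese, this seems to be the only place that has it.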

1 Like

Affected versions link

Affected OpenSSH versions:

  • OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.

  • Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.

  • The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.

OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

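Versions earlier than 4.4p1 are affected.
Versions from 4.4p1 up to 8.5p1 (not including 8.5p1) are not affected.
Versions from 8.5p1 up to 9.8p1 (not including 9.8p1) are affected.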

That's scary

Has it been successfully exploited?

It succeeded on older operating system versions, taking roughly 10,000 attempts; it is entirely a feasible attack method.

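In theory it is also feasible on newer systems, but the team that found the vulnerability decided to disclose it first and then continue trying to attack newer systems.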

ssh 8.9p1, tried 40,000 times and couldn't get in

The GitHub repository for running it has been deleted

Something this fresh, and it already shows up in search.

You can switch to WindTerm

Needs adjustment for specific target systems.
Running it as-is comes down to luck

1 Like

Could this turn out to be an earthquake-level hole?

CVE-2024-6387 | Ubuntu

Mitigation

Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections), but it makes it safe from this vulnerability.

This is the temporary workaround Ubuntu gives; of course, if you can, you should still update right away.

1 Like
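
A check that combines the affected-version ranges quoted earlier in the thread with the Ubuntu LoginGraceTime mitigation above, as an added example that is not part of the original posts. The function names and sample banners are constructed for illustration; distributions backport fixes without changing the upstream version string, so an "affected" result means the package changelog still has to be checked.

```shell
#!/bin/sh
# Added example (not from the thread): triage a host for CVE-2024-6387 using
# the version ranges and the LoginGraceTime mitigation quoted on this page.

# classify_openssh "<banner>" prints one of:
#   pre-4.4p1 | not-affected | affected | fixed | unknown
classify_openssh() {
    # Extract "MAJOR MINOR" from a banner such as "OpenSSH_8.9p1, OpenSSL 3.0.2"
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver% *}
    minor=${ver#* }
    n=$((major * 100 + minor))      # 8.5 -> 805, 9.8 -> 908
    if   [ "$n" -lt 404 ]; then echo pre-4.4p1     # vulnerable unless patched for the 2006/2008 CVEs
    elif [ "$n" -lt 805 ]; then echo not-affected
    elif [ "$n" -lt 908 ]; then echo affected
    else                        echo fixed
    fi
}

# grace_time_of: read `sshd -T` output on stdin, print the effective
# LoginGraceTime value, or "unset" if the keyword is absent.
grace_time_of() {
    awk 'tolower($1) == "logingracetime" { print $2; found = 1; exit }
         END { if (!found) print "unset" }'
}

# assess "<banner>" "<LoginGraceTime>": one-line verdict for a host
assess() {
    state=$(classify_openssh "$1")
    if [ "$state" = affected ] && [ "$2" = 0 ]; then
        echo "affected, mitigated by LoginGraceTime 0"
    elif [ "$state" = affected ]; then
        echo "affected, needs patch or mitigation"
    else
        echo "$state"
    fi
}

# Constructed sample banners and settings (not captured from real hosts)
assess "OpenSSH_4.3p2" 120
assess "OpenSSH_7.4p1, OpenSSL 1.0.2k" 120
assess "OpenSSH_8.9p1, OpenSSL 3.0.2" 120
assess "OpenSSH_8.9p1, OpenSSL 3.0.2" 0
assess "OpenSSH_9.8p1, OpenSSL 3.0.13" 120
```

On a live host the two inputs come from `ssh -V 2>&1` (or the banner the server sends) and `sudo sshd -T | grace_time_of`.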

Some people say
fail2ban blocks it outright