Saw a post from Qi An Xin's WeChat official account: OpenSSH has a high-severity vulnerability.
Has someone already posted an exploit implementation?
https://github.com/7etsuo/cve-2024-6387-poc
Command to check the version:
sshd -v
Scary. Seriously, how does such a severe vulnerability come out? Going straight back to update OpenSSH on my VPS.
That was fast, though the success rate seems pretty low.
Ubuntu's package repositories don't seem to have been updated yet, so I'll just compile and install it myself.
# Install build dependencies (libpam0g-dev so the build can enable PAM, which Ubuntu's default sshd_config turns on with UsePAM yes)
sudo apt-get update
sudo apt-get install -y build-essential zlib1g-dev libssl-dev libpam0g-dev
# Download the source for the specific version
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
# Extract and enter the directory
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1
# Configure, build and install. --prefix=/usr and --sysconfdir=/etc/ssh put the new sshd where Ubuntu's
# service unit looks for it (/usr/sbin/sshd) and keep the existing config; the default prefix would install a
# second copy under /usr/local that "systemctl restart ssh" never runs. make install does not overwrite
# existing files in /etc/ssh.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam
make
sudo make install
# Validate the config with the new binary, then restart the service and check the installed version
sudo sshd -t
sudo systemctl restart ssh
ssh -V
Awesome.
You restricted the search to Simplified Chinese; in Simplified Chinese, Google seems to have only this one.
Affected versions: link
OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.
Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.
Versions earlier than 4.4p1 are affected.
Versions from 4.4p1 to 8.5p1 (not including 8.5p1) are not affected.
Versions from 8.5p1 to 9.8p1 (not including 9.8p1) are affected.
That scary?
Was it exploited successfully?
It succeeded on older OS versions; it takes roughly 10,000 attempts, which makes it an entirely feasible attack.
Newer systems are in theory also feasible, but the team that found the vulnerability decided to disclose it first before continuing to try attacking newer systems.
ssh 8.9p1, tried 40,000 times and didn't get in.
The GitHub exploit repo has been deleted.
This fresh, and you already found it.
You can switch to WindTerm.
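The three version ranges above, turned into a small inventory checker. This is an added example, not code from the thread, the advisory or any linked project. It parses the OpenSSH version out of `ssh -V` output or an `SSH-2.0-...` server banner and applies the same boundaries (4.4p1, 8.5p1, 9.8p1). Every boundary is the first portable release (p1) of its major.minor, so only major.minor decides the verdict; that matters because some distributions strip the pN suffix from the banner, and because a banner alone cannot tell OpenBSD's native sshd from a Linux build, the OpenBSD exception is an explicit flag. The inventory and banners are constructed. One caveat a practitioner should keep in mind: distributions backport fixes without changing the upstream version string, so a version inside the affected window is a reason to check the vendor's package changelog or advisory, not proof that the host is vulnerable.

```python
import re

# Version boundaries for CVE-2024-6387 as stated in the thread, compared as (major, minor).
FIRST_SAFE = (4, 4)   # CVE-2006-5051 fix: 4.4p1 and later were safe
REGRESSION = (8, 5)   # the fix was accidentally removed in 8.5p1
FIXED = (9, 8)        # restored in 9.8p1

# Matches "OpenSSH_8.9p1" inside `ssh -V` output or an "SSH-2.0-OpenSSH_8.9p1 ..." banner.
VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text):
    """Return (major, minor, patch) from a version string or banner, or None.

    patch is None when the banner omits the pN suffix: some distributions strip it
    from the banner, and OpenBSD's native release never carries one.
    """
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), None if patch is None else int(patch))


def classify(text, openbsd=False):
    """Map a version string/banner onto the affected ranges given in the thread.

    openbsd=True marks a host known to run OpenBSD's native sshd, which the thread
    states is unaffected regardless of version; the banner cannot tell that apart.
    """
    v = parse_openssh_version(text)
    if v is None:
        return "unknown: no OpenSSH version string found"
    if openbsd:
        return "not affected: OpenBSD native OpenSSH"
    key = (v[0], v[1])
    if key < FIRST_SAFE:
        return "affected unless patched for CVE-2006-5051 / CVE-2008-4109"
    if key < REGRESSION:
        return "not affected"
    if key < FIXED:
        return "affected: regression window 8.5p1 <= version < 9.8p1 (check vendor backports)"
    return "fixed: 9.8p1 or later"


# Constructed inventory: hostname -> banner as a scanner or `ssh -V` would report it.
SAMPLE_INVENTORY = {
    "web-01": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
    "db-01": "SSH-2.0-OpenSSH_7.4",
    "jump-01": "OpenSSH_9.8p1, OpenSSL 3.0.13 30 Jan 2024",
    "legacy-01": "SSH-2.0-OpenSSH_4.3p2",
}


def triage(inventory):
    """Return {host: classification} for a banner inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {verdict}")
```

Feed it the banners from your own scan output or the result of `ssh -V` on each host; anything reported as affected is a candidate for the package-changelog check, not a confirmed vulnerable host.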
Needs adjustment for specific target systems.
Just run it and see if you get lucky.
Could this turn out to be an earthquake-scale hole?
Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections), but it makes it safe from this vulnerability.
Ubuntu's temporary workaround; of course, if you can, update as soon as possible.
Someone says
fail2ban blocks it outright.
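A way to verify that the LoginGraceTime workaround quoted above is actually in effect on a host, as an added example that is not from the thread, the advisory or Ubuntu. It reads an sshd_config as text, applies sshd's first-occurrence-wins rule for global keywords, skips Match blocks, parses time values such as `2m`, and reports the effective LoginGraceTime together with the MaxStartups "full" limit, which bounds the denial-of-service cost the advisory mentions: with no grace timeout, that many half-open unauthenticated connections are never reaped and block new logins until they close. The two configs are constructed samples; Include directives are not followed (an assumption of this simplified parser), so check included files separately or compare against `sudo sshd -T`, which prints the server's effective configuration.

```python
import re

# sshd defaults from sshd_config(5): LoginGraceTime 120 seconds, MaxStartups 10:30:100.
DEFAULT_LOGIN_GRACE_TIME = "120"
DEFAULT_MAX_STARTUPS = "10:30:100"

_TIME_RE = re.compile(r"(\d+)([smhdw]?)")
_UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value):
    """Convert an sshd time value ('0', '120', '2m', '1h30m') to seconds."""
    return sum(int(n) * _UNIT_SECONDS[u] for n, u in _TIME_RE.findall(value.lower()))


def effective_directives(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the FIRST occurrence of each keyword, so later duplicates are ignored;
    keywords are case-insensitive; '#' starts a comment; 'Key value' and 'Key=value'
    are both accepted. Lines after a Match directive apply only to matching connections
    and are skipped here. Include directives are not followed (an assumption of this
    simplified parser; sshd processes them at the point of inclusion).
    """
    effective = {}
    in_match = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        effective.setdefault(key, value)
    return effective


def parse_max_startups(value):
    """Parse 'start:rate:full' (or a single number) into a (start, rate, full) tuple."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        return (parts[0], 0, parts[0])
    return (parts[0], parts[1], parts[2])


def check_login_grace_workaround(config_text):
    """Report the effective LoginGraceTime, whether the 0 workaround is active, and the
    number of unauthenticated connections that exhausts MaxStartups."""
    cfg = effective_directives(config_text)
    grace = parse_time(cfg.get("logingracetime", DEFAULT_LOGIN_GRACE_TIME))
    _, _, full = parse_max_startups(cfg.get("maxstartups", DEFAULT_MAX_STARTUPS))
    return {
        "login_grace_time": grace,
        "workaround_active": grace == 0,
        "max_startups_full": full,
    }


# Constructed sample configs (not taken from any real host).
UBUNTU_STYLE_DEFAULT = """\
Include /etc/ssh/sshd_config.d/*.conf
#LoginGraceTime 2m
KbdInteractiveAuthentication no
UsePAM yes
"""

WITH_WORKAROUND = """\
# the advisory's workaround
LoginGraceTime 0
MaxStartups 10:30:60
# ignored by sshd: the first occurrence above wins
LoginGraceTime 120
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("default", UBUNTU_STYLE_DEFAULT), ("workaround", WITH_WORKAROUND)):
        print(name, check_login_grace_workaround(text))
```

Run it against the text of `/etc/ssh/sshd_config` (or the output of `sudo sshd -T`, which already has includes and defaults resolved) to confirm the workaround is live before relying on it, and remove it again once the fixed package is installed, since the MaxStartups exhaustion it permits is a real availability cost.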