OpenSSH 爆高危漏洞 CVE-2024-6387

2024年 7月 2日 71.5k 0

影响版本号 8.5p1 ~ 9.7p1.....
https://security-tracker.debian.org/tracker/CVE-2024-6387
https://ubuntu.com/security/CVE-2024-6387

TL:DR: CVE-2024-6387 is a Remote Unauthenticated Code Execution vulnerability in glibc-based Linux systems. Don't panic, as exploitation has currently only been done in lab environments. Patch sooner rather than later if you're running OpenSSH earlier than 4.4p1 or 8.5p1 up to, but not including, 9.8p1.

What happened? A critical vulnerability in sshd(8) was present in portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges. (source: https://www.openssh.com/releasenotes.html )

What should I do? Check any exposed Linux glibc systems running OpenSSH and patch them if they are vulnerable.

Is this as bad as the internet is making it out to be? At this time? Not really. Everyone loves a good vulnerability, especially heading into a holiday. Per OpenSSH: "Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been examined. Systems that lack ASLR or users of downstream Linux distributions that have modified OpenSSH to disable per-connection ASLR re-randomisation (yes - this is a thing, no - we don't understand why) may potentially have an easier path to exploitation. OpenBSD is not vulnerable." https://www.openssh.com/releasenotes.html

As soon as a public exploit is available, expect vulnerable systems to start getting hit.

Resources:

OpenSSH Advisory: https://www.openssh.com/releasenotes.html

Qualys Research Blog: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-serve

相关文章

塑造我成为 CTO 之路的“秘诀”
“人工智能教母”的公司估值达 10 亿美金
教授吐槽:985 高校成高级蓝翔!研究生基本废了,只为房子、票子……
Windows 蓝屏中断提醒开发者:Rust 比 C/C++ 更好
Claude 3.5 Sonnet 在伽利略幻觉指数中名列前茅
上海新增 11 款已完成登记生成式 AI 服务

发布评论