A vulnerability has just been discovered in OpenSSH with a CVSS score of 7.0 (High). The National Institute of Standards and Technology (NIST) have said “As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server” (CVE-2024-6409).
OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SYSTEMS AFFECTED
- OpenSSH versions earlier than 4.4p1 (unless patched for CVE-2006-5051 and CVE-2008-4109)
- OpenSSH versions 8.5p1 up to, but not including, 9.8p1
RISK
Government:
Large and medium government entities: High
Small government entities: Medium
Businesses:
Large and medium business entities: High
Small business entities: Medium
Home users: Low
TECHNICAL SUMMARY
A vulnerability has been discovered in OpenSSH, which could allow for remote code execution. Details of the vulnerability ilncude:
Tactic: Initial Access (TA0001):
Technique: Exploit Public-Facing Application (T1190):
CVE-2024-6387: A Race condition vulnerability exists in sshd(8), which could allow for unauthenticated remote code execution in OpenSSH’s server (sshd) that grants full root access. It affects the default configuration and does not require user interaction. It poses a significant exploit risk.
RESOLUTION (Generated from Rebasoft)
To eliminate this vulnerability, please follow these instructions:
1. Update the system:
sudo yum update
2. Install these build tools & dependencies:
sudo yum groupinstall -y “Development Tools”
sudo yum install -y zlib-devel openssl-devel pam-devel libselinux-devel libedit-devel
3. Download the OpenSSH 9.8 package:
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
4. Extract the OpenSSH 9.8 package:
tar -xzf openssh-9.8p1.tar.gz cd openssh-9.8p1
5. Configure the source code for your system:
./configure
6. Compile and install OpenSSH:
make sudo make install
7. Verify the version installed:
ssh -V