Vulnerability description
CVE-2024-6387 (regreSSHion): remote code execution (RCE) in the OpenSSH server, exploitable at least on glibc-based Linux systems.
According to the discovery published in oss-security – CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems, and the upstream summary in oss-security – Announce: OpenSSH 9.8 released, Portable OpenSSH versions 8.5p1 through 9.7p1 (inclusive) contain a critical vulnerability in sshd(8) that can allow arbitrary code execution as root. The root cause is a signal handler race condition: when a client does not authenticate within LoginGraceTime (120 seconds by default), sshd's SIGALRM handler runs asynchronously and calls functions that are not async-signal-safe, such as syslog(). It is a regression of CVE-2006-5051, reintroduced in 8.5p1.
Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR enabled (ASLR does not stop the attack). Under lab conditions the attack needs on average 6-8 hours of continuous connections, at the maximum rate the server will accept. Exploitation on 64-bit systems has not been demonstrated but is believed to be feasible, and these attacks are likely to be improved. Where a host cannot be patched immediately, setting LoginGraceTime 0 in sshd_config keeps the vulnerable handler from ever running, at the cost of making sshd easier to deny service to by exhausting MaxStartups.
Public disclosure date: July 1, 2024
Affected: Rocky Linux 9
Fixed version: 8.7p1-38.el9_4.security.0.5 (SIG/Security build), available July 1, 2024. The baseos build openssh-8.7p1-38.el9_4.1 that Rocky Linux 9 later shipped also contains the fix and supersedes it.
Not affected: Rocky Linux 8 (its OpenSSH 8.0p1 predates the regression)
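An added triage helper (example code written for this page, not from the original author, the OpenSSH project or the SIG/Security wiki): banner_status classifies an SSH server identification string against the version ranges above (8.5p1 to 9.7p1, plus releases before 4.4p1 per the same advisory), and fetch_banner pulls that string from a live host using ssh-keyscan's "# host:port banner" comment line, which is an assumption about ssh-keyscan's stderr output format. The sample banners at the bottom are constructed, not captured. The caveat this page's own output illustrates is that Rocky's fixed openssh-8.7p1-38.el9_4.1 still announces OpenSSH_8.7, so "affected-range" from a banner means "check this host's package", never "this host is exploitable".

```shell
#!/bin/sh
# Added example for this page (not the original author's code): classify SSH
# banners against the CVE-2024-6387 version range and probe hosts for them.
set -eu

# banner_status STRING: STRING is a full identification line such as
# "SSH-2.0-OpenSSH_9.6p1 Debian-5" or just the software part "OpenSSH_9.6p1".
# Prints "affected-range" (upstream version in a vulnerable range),
# "outside-range" (OpenSSH, but not in the range) or "unknown" (not OpenSSH
# or unparsable).  A distro backport keeps the upstream version string, so
# "affected-range" only means the host needs a package-level check.
banner_status() {
  case $1 in
    *OpenSSH*) ;;
    *) printf 'unknown\n'; return ;;              # Dropbear, libssh, ...
  esac
  v=${1##*_}                                      # "9.6p1 Debian-5"
  v=${v%%[!0-9.]*}                                # "9.6"
  major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
  [ "$rest" = "$v" ] && minor=0                   # "OpenSSH_9" has no minor
  case "$major:$minor" in
    *[!0-9:]*|:*|*:) printf 'unknown\n'; return ;;
  esac
  n=$((major * 100 + minor))                      # 9.6 -> 906
  # Upstream (Qualys advisory): 8.5p1..9.7p1, plus anything before 4.4p1
  # that never received the CVE-2006-5051 / CVE-2008-4109 fixes.
  if [ "$n" -lt 404 ] || { [ "$n" -ge 805 ] && [ "$n" -le 907 ]; }; then
    printf 'affected-range\n'
  else
    printf 'outside-range\n'
  fi
}

# fetch_banner HOST [PORT]: ssh-keyscan writes a "# host:port SSH-2.0-..."
# comment line to stderr before the keys; keep only the banner part.
# (Assumes that ssh-keyscan output format; not exercised offline.)
fetch_banner() {
  ssh-keyscan -T 3 -p "${2:-22}" "$1" 2>&1 >/dev/null \
    | sed -n 's/^# [^ ]* //p' | head -n 1
}

# Dry run on constructed sample banners (not captured from real hosts).
for b in 'SSH-2.0-OpenSSH_9.6' \
         'SSH-2.0-OpenSSH_8.7' \
         'SSH-2.0-OpenSSH_9.8p1 Debian-5' \
         'SSH-2.0-OpenSSH_8.0' \
         'SSH-2.0-dropbear_2022.83'; do
  printf '%-34s %s\n' "$b" "$(banner_status "$b")"
done
# Live use: banner_status "$(fetch_banner 192.0.2.10)"
```

Use the result as a worklist: every host reporting "affected-range" gets its installed package release checked on the box itself, which is the only reliable test on distributions that backport fixes.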
Latest fix
Red Hat has fixed CVE-2024-6387 upstream; see RHSA-2024:4312 – Security Advisory – Red Hat Customer Portal. Rocky Linux 9 rebuilt the fixed package right away, so running dnf update (or just dnf upgrade openssh, as below) is all that is needed. The fixed package is openssh-8.7p1-38.el9_4.1; the upstream version string stays 8.7p1 because the fix is backported, so neither the sshd banner nor a generic version scanner can tell a patched host from an unpatched one. Check the package release instead.
[root@localhost ~]# dnf upgrade openssh
Last metadata expiration check: 1:42:00 ago on Thu 04 Jul 2024 02:54:55 PM CST.
Dependencies resolved.
================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================
Upgrading:
openssh x86_64 8.7p1-38.el9_4.1 baseos 458 k
openssh-clients x86_64 8.7p1-38.el9_4.1 baseos 713 k
openssh-server x86_64 8.7p1-38.el9_4.1 baseos 459 k
Transaction Summary
================================================================================================================================================================================================================================================================
Upgrade 3 Packages
Total download size: 1.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): openssh-server-8.7p1-38.el9_4.1.x86_64.rpm 1.8 MB/s | 459 kB 00:00
(2/3): openssh-clients-8.7p1-38.el9_4.1.x86_64.rpm 2.7 MB/s | 713 kB 00:00
(3/3): openssh-8.7p1-38.el9_4.1.x86_64.rpm 1.7 MB/s | 458 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.9 MB/s | 1.6 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: openssh-8.7p1-38.el9_4.1.x86_64 1/6
Upgrading : openssh-8.7p1-38.el9_4.1.x86_64 1/6
Running scriptlet: openssh-server-8.7p1-38.el9_4.1.x86_64 2/6
Upgrading : openssh-server-8.7p1-38.el9_4.1.x86_64 2/6
Running scriptlet: openssh-server-8.7p1-38.el9_4.1.x86_64 2/6
Upgrading : openssh-clients-8.7p1-38.el9_4.1.x86_64 3/6
Running scriptlet: openssh-clients-8.7p1-38.el9_4.1.x86_64 3/6
Running scriptlet: openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 4/6
Cleanup : openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 4/6
Running scriptlet: openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 5/6
Cleanup : openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 5/6
Running scriptlet: openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 5/6
Cleanup : openssh-8.7p1-38.el9_4.security.0.5.x86_64 6/6
Running scriptlet: openssh-8.7p1-38.el9_4.security.0.5.x86_64 6/6
Verifying : openssh-server-8.7p1-38.el9_4.1.x86_64 1/6
Verifying : openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 2/6
Verifying : openssh-clients-8.7p1-38.el9_4.1.x86_64 3/6
Verifying : openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 4/6
Verifying : openssh-8.7p1-38.el9_4.1.x86_64 5/6
Verifying : openssh-8.7p1-38.el9_4.security.0.5.x86_64 6/6
Upgraded:
openssh-8.7p1-38.el9_4.1.x86_64 openssh-clients-8.7p1-38.el9_4.1.x86_64 openssh-server-8.7p1-38.el9_4.1.x86_64
Complete!
# Make sure the new build is installed. This host previously had the SIG/Security build (8.7p1-38.el9_4.security.0.5); dnf replaced it with the baseos build, which rpm orders as newer. The openssh-server scriptlet restarts sshd during the upgrade; confirm with systemctl status sshd that the start time is later than the upgrade.
[root@localhost ~]# rpm -qa | grep openssh
openssh-8.7p1-38.el9_4.1.x86_64
openssh-clients-8.7p1-38.el9_4.1.x86_64
openssh-server-8.7p1-38.el9_4.1.x86_64
Fix [obsolete]
Install 8.7p1-38.el9_4.security.0.5 from the Rocky Linux SIG/Security repository, as documented on the SIG/Security wiki [1]. This was the interim build published before the baseos fix and is kept here for reference.
# Check the current version
[root@localhost ~]# rpm -qa | grep openssh
openssh-8.7p1-38.el9.x86_64
openssh-clients-8.7p1-38.el9.x86_64
openssh-server-8.7p1-38.el9.x86_64
# Install the repository package for the SIG/Security repo
[root@localhost ~]# dnf install -y rocky-release-security
Last metadata expiration check: 1:16:01 ago on Wed 03 Jul 2024 09:08:38 AM CST.
Dependencies resolved.
================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================
Installing:
rocky-release-security noarch 9-4.el9 extras 9.5 k
Transaction Summary
================================================================================================================================================================================================================================================================
Install 1 Package
Total download size: 9.5 k
Installed size: 3.2 k
Downloading Packages:
rocky-release-security-9-4.el9.noarch.rpm 38 kB/s | 9.5 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 38 kB/s | 9.5 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : rocky-release-security-9-4.el9.noarch 1/1
Running scriptlet: rocky-release-security-9-4.el9.noarch 1/1
Verifying : rocky-release-security-9-4.el9.noarch 1/1
Installed:
rocky-release-security-9-4.el9.noarch
Complete!
# Disable the SIG/Security security-common repo by default, so that routine dnf runs do not pull in other SIG packages; it is enabled explicitly for this one transaction below
[root@localhost ~]# dnf config-manager --disable security-common
# Upgrade openssh from that repo only
[root@localhost ~]# dnf --enablerepo=security-common -y update openssh\*
Rocky Linux 9 - SIG Security Common 35 kB/s | 117 kB 00:03
Last metadata expiration check: 0:00:01 ago on Wed 03 Jul 2024 10:25:04 AM CST.
Dependencies resolved.
================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================================================================================================
Upgrading:
openssh x86_64 8.7p1-38.el9_4.security.0.5 security-common 453 k
openssh-clients x86_64 8.7p1-38.el9_4.security.0.5 security-common 693 k
openssh-server x86_64 8.7p1-38.el9_4.security.0.5 security-common 435 k
Transaction Summary
================================================================================================================================================================================================================================================================
Upgrade 3 Packages
Total download size: 1.5 M
Downloading Packages:
(1/3): openssh-server-8.7p1-38.el9_4.security.0.5.x86_64.rpm 122 kB/s | 435 kB 00:03
(2/3): openssh-8.7p1-38.el9_4.security.0.5.x86_64.rpm 125 kB/s | 453 kB 00:03
(3/3): openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64.rpm 171 kB/s | 693 kB 00:04
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 331 kB/s | 1.5 MB 00:04
Rocky Linux 9 - SIG Security Common 1.6 MB/s | 1.7 kB 00:00
Importing GPG key 0x0FE8D526:
Userid : "Rocky Linux 9 SIGs - Security <[email protected]>"
Fingerprint: 23DC 35EB E743 BAB0 CED2 1D20 8D79 B737 0FE8 D526
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-SIG-Security
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: openssh-8.7p1-38.el9_4.security.0.5.x86_64 1/6
Upgrading : openssh-8.7p1-38.el9_4.security.0.5.x86_64 1/6
Running scriptlet: openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 2/6
Upgrading : openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 2/6
Running scriptlet: openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 2/6
Upgrading : openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 3/6
Running scriptlet: openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 3/6
Running scriptlet: openssh-clients-8.7p1-38.el9.x86_64 4/6
Cleanup : openssh-clients-8.7p1-38.el9.x86_64 4/6
Running scriptlet: openssh-server-8.7p1-38.el9.x86_64 5/6
Cleanup : openssh-server-8.7p1-38.el9.x86_64 5/6
Running scriptlet: openssh-server-8.7p1-38.el9.x86_64 5/6
Cleanup : openssh-8.7p1-38.el9.x86_64 6/6
Running scriptlet: openssh-8.7p1-38.el9.x86_64 6/6
Verifying : openssh-server-8.7p1-38.el9_4.security.0.5.x86_64 1/6
Verifying : openssh-server-8.7p1-38.el9.x86_64 2/6
Verifying : openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 3/6
Verifying : openssh-clients-8.7p1-38.el9.x86_64 4/6
Verifying : openssh-8.7p1-38.el9_4.security.0.5.x86_64 5/6
Verifying : openssh-8.7p1-38.el9.x86_64 6/6
Upgraded:
openssh-8.7p1-38.el9_4.security.0.5.x86_64 openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64 openssh-server-8.7p1-38.el9_4.security.0.5.x86_64
Complete!
# Confirm that openssh-8.7p1-38.el9_4.security.0.5 is installed
[root@localhost ~]# rpm -q openssh
openssh-8.7p1-38.el9_4.security.0.5.x86_64
[root@localhost ~]# rpm -qa | grep openssh
openssh-8.7p1-38.el9_4.security.0.5.x86_64
openssh-server-8.7p1-38.el9_4.security.0.5.x86_64
openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64
# The package scriptlet restarts sshd during the upgrade, so no manual restart is needed afterwards; the start time below confirms that the running daemon is the new one
[root@localhost ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
Active: active (running) since Wed 2024-07-03 10:18:42 CST; 34s ago # restart time, just after the upgrade
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 64456 (sshd)
Tasks: 1 (limit: 48933)
Memory: 1.1M
CPU: 14ms
CGroup: /system.slice/sshd.service
└─64456 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Jul 03 10:18:42 localhost systemd[1]: Starting OpenSSH server daemon...
Jul 03 10:18:42 localhost sshd[64456]: Server listening on 0.0.0.0 port 22.
Jul 03 10:18:42 localhost systemd[1]: Started OpenSSH server daemon.
Additional notes
Installing rocky-release-security by hand works the same way on other Enterprise Linux 9 derivatives that ship the same openssh-8.7p1-38.el9 package, which is how this fix can be applied there too (EL8 is not affected, and the el9 package does not apply to it). On a host that is not Rocky Linux, the Rocky Linux 9 release key is not in the rpm database, so rpm will print a NOKEY warning when installing from the URL below; import that key, or at least check the package with rpm -K, before installing it. The openssh packages themselves are then verified by dnf against the SIG/Security key shipped in /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-SIG-Security, as the transcript above shows; confirm that its fingerprint matches the one the SIG publishes.
# Manual install
[root@localhost ~]# rpm -ivh https://download.rockylinux.org/pub/rocky/9/extras/x86_64/os/Packages/r/rocky-release-security-9-4.el9.noarch.rpm
# Disable the SIG/Security security-common repo by default; it is enabled explicitly for this one transaction
[root@localhost ~]# dnf config-manager --disable security-common
# Upgrade openssh from that repo only
[root@localhost ~]# dnf --enablerepo=security-common -y update openssh\*
# Confirm that openssh-8.7p1-38.el9_4.security.0.5 is installed
[root@localhost ~]# rpm -q openssh
openssh-8.7p1-38.el9_4.security.0.5.x86_64
[root@localhost ~]# rpm -qa | grep openssh
openssh-8.7p1-38.el9_4.security.0.5.x86_64
openssh-server-8.7p1-38.el9_4.security.0.5.x86_64
openssh-clients-8.7p1-38.el9_4.security.0.5.x86_64
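An added verification script (example code written for this page, not code from the original author, Rocky Linux or Red Hat) that serves both the baseos upgrade in "Latest fix" and the SIG/Security procedure above. It decides whether an installed openssh-server build is fixed by applying rpm's own version-ordering rules, re-implemented here as rpmvercmp, and then checks that the running sshd is the freshly installed binary rather than a still-mapped old one. Assumptions: openssh on EL9 has no epoch, so only VERSION-RELEASE is compared; the two fixed builds are the ones this page shows, 8.7p1-38.el9_4.1 and 8.7p1-38.el9_4.security.0.5; reading /proc/PID/exe of the root-owned sshd needs root. The script also explains the transaction in "Latest fix": under rpm's rule that a digit run outranks a letter run at the same position, 38.el9_4.1 is newer than 38.el9_4.security.0.5, which is why dnf replaced the SIG build with the baseos one. Generic sorters such as sort -V do not apply that rule, so do not use them for this check.

```shell
#!/bin/sh
# Added example for this page (not code from the original author, Rocky Linux
# or Red Hat): decide whether an installed openssh-server build on EL9 carries
# the CVE-2024-6387 fix using rpm's own version-ordering rules, then check
# that the running sshd really is the newly installed binary.
set -eu
LC_ALL=C; export LC_ALL      # byte-wise string order, as rpm's strcmp()

# rpmvercmp A B: prints 1 if A is newer, -1 if B is newer, 0 if equal.
# Re-implementation of rpm's rpmvercmp() without the ~ and ^ special cases.
# Strings are split into runs of digits or of letters, separators are
# skipped, digit runs compare numerically, and a digit run always outranks
# a letter run in the same position.
rpmvercmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    a=${a#"${a%%[0-9a-zA-Z]*}"}; b=${b#"${b%%[0-9a-zA-Z]*}"}   # skip . _ -
    if [ -z "$a" ] || [ -z "$b" ]; then break; fi
    case $a in
      [0-9]*)
        ra=${a%%[!0-9]*}; rb=${b%%[!0-9]*}                # leading digit runs
        if [ -z "$rb" ]; then printf '1\n'; return; fi    # digits beat letters
        na=${ra#"${ra%%[1-9]*}"}; nb=${rb#"${rb%%[1-9]*}"}  # drop leading zeros
        if [ ${#na} -gt ${#nb} ]; then printf '1\n'; return; fi
        if [ ${#na} -lt ${#nb} ]; then printf '%s\n' -1; return; fi ;;
      *)
        ra=${a%%[!a-zA-Z]*}; rb=${b%%[!a-zA-Z]*}          # leading letter runs
        if [ -z "$rb" ]; then printf '%s\n' -1; return; fi  # B's digits win
        na=$ra; nb=$rb ;;
    esac
    if [ "$na" \> "$nb" ]; then printf '1\n'; return; fi
    if [ "$na" \< "$nb" ]; then printf '%s\n' -1; return; fi
    a=${a#"$ra"}; b=${b#"$rb"}
  done
  if [ -z "$a" ] && [ -z "$b" ]; then printf '0\n'
  elif [ -z "$a" ]; then printf '%s\n' -1
  else printf '1\n'; fi
}

# vr_cmp A B: compare two VERSION-RELEASE strings (openssh on EL9 carries no
# epoch, so that part is not modelled here).
vr_cmp() {
  r=$(rpmvercmp "${1%-*}" "${2%-*}")
  [ "$r" = 0 ] && r=$(rpmvercmp "${1##*-}" "${2##*-}")
  printf '%s\n' "$r"
}

# Builds known to contain the fix on Rocky Linux 9: the baseos build from
# RHSA-2024:4312 and the earlier SIG/Security build.  Under rpm's rules the
# SIG build sorts *below* the baseos build ("1" is a digit run, "security"
# a letter run), which is why dnf replaced it in the transaction on this
# page; it therefore has to be listed on its own.
FIXED_BUILDS="8.7p1-38.el9_4.1 8.7p1-38.el9_4.security.0.5"

# openssh_fix_status VR: "fixed" if VR is at or above a fixed build, else
# "vulnerable".
openssh_fix_status() {
  for f in $FIXED_BUILDS; do
    if [ "$(vr_cmp "$1" "$f")" != -1 ]; then printf 'fixed\n'; return; fi
  done
  printf 'vulnerable\n'
}

# sshd_uses_stale_binary: succeeds if any sshd process still executes an
# image that was replaced on disk, i.e. the daemon was not restarted.
# Needs root: /proc/PID/exe of another user's process is not readable.
sshd_uses_stale_binary() {
  for pid in $(pgrep -x sshd 2>/dev/null || true); do
    case $(readlink "/proc/$pid/exe" 2>/dev/null || true) in
      *"(deleted)"*) return 0 ;;
    esac
  done
  return 1
}

# Live check; skipped where rpm or openssh-server is absent.
if command -v rpm >/dev/null 2>&1; then
  vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh-server 2>/dev/null || true)
  case $vr in
    ""|*" "*) ;;                          # "package ... is not installed"
    *) printf 'openssh-server %s: %s\n' "$vr" "$(openssh_fix_status "$vr")"
       if sshd_uses_stale_binary; then
         printf 'WARNING: a running sshd still maps the old binary; restart sshd\n'
       fi ;;
  esac
fi
```

Run it as root on each patched host; "fixed" plus no warning is the state to record. A "(deleted)" exe on a long-lived sshd is the classic way a fleet ends up with the new package on disk and the old, vulnerable daemon still serving port 22.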
If you run Amazon Linux on AWS, the official impact statement is linked from: CVE-2024-6387
Affected: Amazon Linux 2023
Not affected: Amazon Linux 1, Amazon Linux 2 – Core
Fix: ALAS-2024-649
dnf update openssh --releasever 2023.5.20240701
References
[1] CVE-2024-6387: openssh – SIG/Security Wiki