banner
AcoFork

AcoFork

LOVETOLOVE

SSH RCE vulnerability, updating to 9.8p1 can solve it

SSH RCE vulnerability, check version with ssh -V, versions earlier than 4.4p1 are affected,
Versions between 4.4p1 and 8.5p1 (excluding 8.5p1) are not affected,
Versions between 8.5p1 and 9.8p1 (excluding 9.8p1) are affected.

Solution:
Upgrade SSH version, compile and install:

Install compilation dependencies#

sudo apt-get update
sudo apt-get install -y build-essential zlib1g-dev libssl-dev

Download specific version source code#

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz

Unpack and enter directory#

tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1

Compile and install#

./configure
make
sudo make install

Restart service#

sudo systemctl restart ssh

Disconnect SSH connection, reconnect and check version#

ssh -V

OpenSSH Server Remote Code Execution Vulnerability POC
A race condition vulnerability exists in versions between 8.5p1 and 9.7p1 in Openssh Server. If the client does not authenticate within 120 seconds (defined by LoginGraceTime setting), the sshd's SIGALRM handler will be asynchronously called in a non-async signal-safe manner. Successfully exploiting this vulnerability can allow a remote attacker to execute remote code with root privileges.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.