SSH RCE vulnerability. Check the installed version with ssh -V:
Versions earlier than 4.4p1 are affected.
Versions between 4.4p1 and 8.5p1 (excluding 8.5p1) are not affected.
Versions between 8.5p1 and 9.8p1 (excluding 9.8p1) are affected.
Solution:
Upgrade OpenSSH by compiling and installing it from source:
Install compilation dependencies
sudo apt-get update
sudo apt-get install -y build-essential zlib1g-dev libssl-dev
Download the specific version's source code
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
Unpack and enter the directory
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1
Compile and install
./configure
make
sudo make install
Restart the service
sudo systemctl restart ssh
Disconnect the SSH session, reconnect, and check the version
ssh -V
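The version check above can be scripted. The following is an added example, not part of the original note: it classifies a version string against the ranges stated on this page. The function names ver_key and regresshion_status are hypothetical, and the sample strings in the comments are constructed.

```sh
#!/bin/sh
# Added example: classify an OpenSSH version string against this page's ranges.
# Accepts `ssh -V` output or a server banner such as "SSH-2.0-OpenSSH_9.6p1".

# ver_key: print major*100+minor for the version following "OpenSSH_".
# Every boundary on the page (4.4p1, 8.5p1, 9.8p1) is the p1 release of its
# major.minor, so comparing major.minor alone is sufficient here.
ver_key() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 100 + $2 ))
}

# regresshion_status: print affected / not-affected / unknown.
regresshion_status() {
    k=$(ver_key "$1") || { echo unknown; return 2; }
    if   [ "$k" -lt 404 ]; then echo affected        # earlier than 4.4p1
    elif [ "$k" -lt 805 ]; then echo not-affected    # 4.4p1 up to 8.5p1
    elif [ "$k" -lt 908 ]; then echo affected        # 8.5p1 up to 9.8p1
    else                        echo not-affected    # 9.8p1 and later
    fi
}

# Stand-alone run: classify the local client (ssh -V prints on stderr).
if command -v ssh >/dev/null 2>&1; then
    local_ver=$(ssh -V 2>&1)
    echo "ssh client: $local_ver => $(regresshion_status "$local_ver")"
fi

# ./configure without --prefix installs under /usr/local, so a source build
# can sit beside the packaged daemon. List both candidate paths so it is clear
# which sshd binaries exist; the service restarts whichever one its unit names.
for d in /usr/sbin/sshd /usr/local/sbin/sshd; do
    if [ -x "$d" ]; then
        echo "sshd binary present: $d"
    fi
done
```

The comparison uses the upstream version number only, so a distribution package that carries a backported fix under an older version number will still be reported as affected.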
OpenSSH Server Remote Code Execution Vulnerability POC
A race condition vulnerability exists in OpenSSH Server versions between 8.5p1 and 9.7p1. If the client does not authenticate within 120 seconds (defined by the LoginGraceTime setting), sshd's SIGALRM handler is called asynchronously in a manner that is not async-signal-safe. Successful exploitation of this vulnerability can allow a remote attacker to execute code with root privileges.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server