Critical Security Advisory: regreSSHion (CVE-2024-6387)
Security Researchers at Qualys have discovered a flaw in OpenSSH that could lead to elevated remote code execution.
UPDATE
Fedora has issued a patch for this bug, please make sure your system is up to date. Check the app store in your edition for more information.
What Happened?
Researchers discovered a flaw in sshd that would allow an attacker to remotely execute code as root. This is actually an 18 year old bug (CVE-2006-5051) that regressed in OpenSSH 8.5p1.
Who's Affected?
This flaw appeared in 2020, meaning that all versions of Ultramarine Linux pre-40 are affected. Starting in Ultramarine Linux 40, we started disabling the SSH server by default, mitigating this issue for new installs. UM40 users who upgraded from an older release or converted from Fedora may still be at risk.
What Can I Do to Protect Myself?
The best mitigation is disabling the SSH server on your system.
Simply run
systemctl disable sshd
You'll be prompted for your password with a popup.
This should already be done on Ultramarine 40, but if you're storing sensitive data, it's good to check.
What If I Want to Keep the SSH Server?
It is recommended to update OpenSSH to version 9.8 or newer ASAP.
You may also set LoginGraceTime
to 0
in /etc/ssh/sshd_config
. However this makes sshd vulnerable to a denial of service attack (by allowing the quick exhaustion of all MaxStartups
connections)
What is Fyra Labs Doing to Protect Me?
Traditionally this is a package that we rely on Fedora to provide, but due to the nature of this issue and our infrastructure's reliance on it we will be issuing a patch in Terra soon. Please keep your system up to date and stay tuned for further updates.
We will not be publishing the patch in Terra, Fedora is working on it!
Getting Support
Join one of our Chats, the subreddit, or Open an Issue on GitHub. We'll get you going again in no time.
Affected Products
- All EOL Version of Ultramarine Linux
- Ultramarine Linux 39
- Ultramarine Linux 40 (Except New Installs)
Citations
https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html