WHAT’S HAPPENING?
Patching will be performed to protect systems from unauthorized access via OpenSSH vulnerability CVE-2024-6387.
WHEN IS IT HAPPENING?
07/02/24 and 07/03/24
WHY IS IT HAPPENING?
Researchers at Qualys have reported Vulnerability CVE-2024-6387 - the vulnerability in OpenSSH (sshd) allows for unauthorized ssh access via an attack. This vulnerability is currently difficult to exploit and has not been reported as actively exploited. Additional information can be found directly from Qualys here: The regreSSHion Bug
WHO IS AFFECTED?
Ubuntu 22, 23, and 24
Redhat 9
Debian 12
and other systems using OpenSSH with the below criteria:
- OpenSSH versions earlier than 4.4p1 (if not patched for CVE-2006-5051 and CVE-2008-4109)
- OpenSSH 8.5p1 up to, but not including, 9.8p1
Note: OpenBSD systems are not affected due to a secure mechanism developed in 2001
Affected services:
SSH
WHAT DO YOU NEED TO DO?
For endpoints managed by TSO, TSO will perform updates. Users may lose SSH access briefly while SSH services are restarted.
Users who manage their own endpoints should update OpenSSH immediately if a patch is available. If not, users need to set the login grace timer to 0.
Directions to set Login Grace Time.
1. SSH into endpoint
2. Enter the command "sudo vim /etc/ssh/sshd_config"
3. Press "i" key
4. Use cursor arrows to move to Grace Login Timer
5. If the '#' character is at the front of the line; delete it.
6. Use arrows to move the cursor to the numbers after Grace login Timer. If none, use arrows to move to end of the line
7. Change the number to 0
8. Press the escape key to leave the insert mode
9. Press 'SHIFT + :' and enter 'wq'. Then press enter
10. Type the following command:$ sudo /etc/init.d/ssh restart
OR$ sudo service ssh restart
OR for systemd based Ubuntu Linux 16.04/18.04/20.04/22.04/24.04 LTS or above server, execute:$ sudo systemctl restart ssh
WHO SHOULD YOU CONTACT FOR QUESTIONS?
Feel free to contact the TSO Help Desk (CCB 225D, 404.894.7065, helpdesk@cc.gatech.edu).