OpenSSH regreSSHion Vulnerability (CVE-2024-6387)

TABLE OF CONTENTS

• DESCRIPTION
• MITIGATION
• STEPS
  • Update OS OpenSSH
  • Update iRASS

DESCRIPTION

A critical vulnerability, identified as CVE-2024-6387, affects OpenSSH server (sshd) on all Enterprise Linux 9 system. This issue involves a signal handler race condition that can lead to a potential remote code execution.

MITIGATION

• Update OS OpenSSH
• Update Irass OpenSSH

STEPS

Update OS OpenSSH

1. Download the updated RPM packages and move them to the server via SFTP

1. OpenSSH-8.7p1-38
2. OpenSSH-Clients-8.7p1-38
3. OpenSSH-Server-8.7p1-38

2. Update OpenSSH RPM packages

$ sudo dnf install openssh-8.7p1-38.el9_4.1.x86_64.rpm openssh-clients-8.7p1-38.el9_4.1.x86_64.rpm openssh-server-8.7p1-38.el9_4.1.x86_64.rpm

3. Restart the sshd service

$ sudo systemctl restart sshd

Update iRASS

1. Get the patch file from SecureKi Support

2. Update the patch file

$ sudo tar -xvpf irass_patch_2024-6387.tar.gz -C /

3. Restart iRASS ALL Services

4. Check iRASS sshd version

$ ./irass_sshd -V