Announcement
- Tuesday, 2nd July, 2024
- 13:40
CVE-2024-6387: Specific versions of OpenSSH are vulnerable to a remote code execution (RCE) flaw.
Under particular conditions, this vulnerability can be reproduced in a laboratory setting after approximately 8 hours of continuous connection attempts, primarily affecting systems using glibc with newer versions of OpenSSH.
Affected versions include:
- Versions of OpenSSH earlier than 4.4p1, unless patched against CVE-2006-5051 or CVE-2008-4109
- Versions of OpenSSH from 8.5p1 up to, but not including, 9.8p1, which are affected again due to incorrect modifications
Versions from OpenSSH 4.4p1 up to, but not including, 8.5p1 are currently deemed safe.
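The version ranges above can be checked mechanically. The following script is an added example, not part of the original notice: `classify_openssh` is a hypothetical helper name, the sample banners are constructed, and it assumes 8.5p1 is the first re-affected release and 9.8p1 the first fixed one.

```shell
#!/bin/sh
# Added example: classify an OpenSSH version string against the ranges
# listed in this notice. classify_openssh is a hypothetical helper name.
# Assumption: 8.5p1 is the first re-affected release, 9.8p1 the first fixed one.

classify_openssh() {
    # Accepts `ssh -V` output or a server banner such as "SSH-2.0-OpenSSH_8.9p1".
    # Only MAJOR.MINOR is compared; the "p1" portable suffix is ignored.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown"            # not an OpenSSH version string
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    n=$((major * 100 + minor))    # 8.5 -> 805, 9.8 -> 908

    if [ "$n" -lt 404 ]; then
        # Older than 4.4p1: affected unless the old CVE fixes were backported.
        echo "affected-unless-backported"
    elif [ "$n" -lt 805 ]; then
        echo "not-affected"       # 4.4p1 up to, not including, 8.5p1
    elif [ "$n" -lt 908 ]; then
        echo "affected"           # 8.5p1 up to, not including, 9.8p1
    else
        echo "fixed"              # 9.8p1 and later
    fi
}

# Constructed sample banners, one per range.
for banner in \
    "OpenSSH_4.3p2" \
    "OpenSSH_7.4p1, OpenSSL 1.0.2k" \
    "SSH-2.0-OpenSSH_8.9p1" \
    "OpenSSH_9.8p1"
do
    printf '%-32s %s\n' "$banner" "$(classify_openssh "$banner")"
done

# Classify the locally installed client, if present. Assumption: the client
# and sshd are built from the same OpenSSH release on this host.
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1)
    printf '%-32s %s\n' "local: $local_banner" "$(classify_openssh "$local_banner")"
fi
```

The version string alone does not reveal distribution backports: a patched distribution package can keep its upstream version number, so confirm an "affected" result against the package changelog before treating the host as unpatched.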
To mitigate risks, it is advised to closely monitor and promptly install the latest software updates. You may also consider configuring firewalls to restrict the sources of SSH connections.
We recommend that all users run the following command to apply the vulnerability patch:
apt update -y && apt upgrade -y
For users on older systems such as CentOS 7 and Debian 10, please manually update OpenSSH to ensure security.
AS215355 - Alice Networks LTD provides server hosting, leasing, and RIPE NCC LIR services across multiple global data centers.