{"uuid": "f3cbd30a-fd2c-480f-a105-6fe4a075f0ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/linuxmalaysiamy/181", "content": "Critical OpenSSH Vulnerability (CVE-2024-6387): Please Update Your Linux\n\nA critical security flaw (CVE-2024-6387) has been identified in OpenSSH, a program widely used for secure remote connections. This vulnerability could allow attackers to completely compromise affected systems (remote code execution).\n\nWho is Affected?\n\nOnly specific versions of OpenSSH (8.5p1 to 9.7p1) running on glibc-based Linux systems are vulnerable. Newer versions are not affected.\n\nWhat to Do?\n\nUpdate OpenSSH: Check your version by running ssh -V in your terminal. If you're using a vulnerable version (8.5p1 to 9.7p1), update immediately.\n\nTemporary Workaround (Use with Caution): Disabling the login grace timeout (setting LoginGraceTime=0 in sshd_config) can mitigate the risk, but be aware it increases susceptibility to denial-of-service attacks.\n\nRecommended Security Enhancement: Install fail2ban to prevent brute-force attacks. This tool automatically bans IPs with too many failed login attempts.\n\nOptional: IP Whitelisting for Increased Security\nOnce you have fail2ban installed, consider allowing only specific IP addresses to access your server via SSH. \n\nThis can be achieved using:\n\nufw for Ubuntu\nfirewalld for AlmaLinux or Rocky Linux\n\nAdditional Resources\n\nOpenSSH Security Page: https://www.openssh.com/security.html\n\nDevSec Hardening Framework - SSH Baseline: https://dev-sec.io/\n\nFail2ban: https://github.com/fail2ban\n\nAbout Fail2ban\n\nFail2ban monitors log files like /var/log/auth.log and bans IPs with excessive failed login attempts. It updates firewall rules to block connections from these IPs for a set duration. Fail2ban is pre-configured to work with common log files and can be easily customized for other logs and errors.\n\nInstallation Instructions\n\nUbuntu: sudo apt install fail2ban\nAlmaLinux/Rocky Linux: sudo dnf install fail2ban\n\n\nAbout DevSec Hardening Framework\n\nThe DevSec Hardening Framework is a set of tools and resources that helps automate the process of securing your server infrastructure. It addresses the challenges of manually hardening servers, which can be complex, error-prone, and time-consuming, especially when managing a large number of servers.\n\nThe framework integrates with popular infrastructure automation tools like Ansible, Chef, and Puppet. It provides pre-configured modules that automatically apply secure settings to your operating systems and services such as OpenSSH, Apache and MySQL. This eliminates the need for manual configuration and reduces the risk of errors.\n\nPrepared by LinuxMalaysia with the help of Google Gemini\n\n5 July 2024\n\n\nVisit my Blog\n\nhttps://blog.harisfazillah.info/2024/07/critical-openssh-vulnerability-cve-2024.html\n\nVisit My Google Doc Web\n\nhttps://docs.google.com/document/d/e/2PACX-1vTSU27PLnDXWKjRJfIcjwh9B0jlSN-tnaO4_eZ_0V5C2oYOPLLblnj3jQOzCKqCwbnqGmpTIE10ZiQo/pub\n\nPerisian Sumber Terbuka Malaysia\n\nhttps://t.me/sumberterbukamalaysia", "creation_timestamp": "2024-07-15T20:47:41.000000Z"}