Hello, Dear Users.
A serious vulnerability has recently been disclosed in OpenSSH. For security reasons, please check whether your server falls within the affected range.
Vulnerability details: CVE-2024-6387. High risk: on average 6-8 hours to obtain root privileges.
A Remote Code Execution (RCE) vulnerability has been identified in OpenSSH. It is caused by a signal handler race condition in the OpenSSH server (sshd) and can be exploited by an unauthenticated attacker to execute arbitrary code as root on a Linux system.
Versions affected: 4.4p1 and 8.5p1 <= OpenSSH < 9.7p1
Affected systems: Debian 12 (OpenSSH 9.2p1), Ubuntu 22.04 (OpenSSH 8.9p1).
Tip: Most of the affected systems are newer releases of Ubuntu, Debian and CentOS 9, while the older CentOS 6, 7 and 8 are not affected.
Run the ssh -V command to check the current version on your server.
If you are using a version of OpenSSH within the affected range, please update to OpenSSH 9.8p1 from the official source as soon as possible. Third-party mirrors may not yet offer the latest security release because of synchronization lag and other issues.
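The version check described above can be scripted. The following is an added example, not part of the original announcement or of OpenSSH: it parses an ssh -V banner and reports "update" for every release from 8.5p1 up to, but not including, the fixed 9.8p1 named above. The function names, result labels and the banners used to exercise it are constructed for illustration; versions below the 4.4p1 boundary are only flagged for manual review.

```shell
#!/bin/sh
# Added example: classify an OpenSSH banner against the window 8.5p1 <= v < 9.8p1.

# Print "MAJOR MINOR" from a banner such as
# "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022" (constructed sample).
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p' |
        head -n 1
}

# Print one of: update | ok | review-legacy | unparsed
classify_openssh() {
    ver=$(parse_openssh_version "$1")
    if [ -z "$ver" ]; then
        echo "unparsed"              # not an OpenSSH banner
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    n=$((major * 100 + minor))       # 8.9 -> 809, 9.8 -> 908
    if [ "$n" -lt 404 ]; then
        echo "review-legacy"         # below the 4.4p1 boundary: check by hand
    elif [ "$n" -ge 805 ] && [ "$n" -lt 908 ]; then
        echo "update"                # 8.5p1 up to, not including, fixed 9.8p1
    else
        echo "ok"
    fi
}

# Local host: ssh -V writes its banner to stderr, hence 2>&1.
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1) || true
    printf '%s: %s\n' "$(classify_openssh "$local_banner")" "$local_banner"
fi
```

Distribution packages often receive security fixes as backports without a change to the upstream version number, so an "update" result on a distro package should be confirmed against the package changelog.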
Please refer to the following:
https://www.openssh.com/txt/release-9.8
https://www.cve.org/CVERecord?id=CVE-2024-6387
Tuesday, 2nd July, 2024, 18:26