Monday 8 july 2024

Vulnerability & Impact

A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd) for Ubuntu.  An unauthenticated remote attacker may be able to run commands on a machine through the ssh protocol.

 More information can be found here.

Secure ANalysis Environment (SANE)

A machine is only vulnerable if it has the SSH port open for the internet. For SANE projects this means data servers don't have to be updated.


The solution is to update SSHD on the machine. This can be done in two ways:

1 - Start new workspace

If you delete your vulnerable workspace and start a new one, a new version of the sshd packages will be installed.

2 - Update your active workspace

You can also update your active workspace. For this we have created a script. 

The script does the following:

  • Update the packages repository information
  • Upgrade all packages
  • Turn on automatic updates
  • Check whether the script was successful, it returns results of the sshd version check.

To use the script go to a terminal on your machine and run the following command:

curl -s -L | sudo bash


"Your OpenSSH version $ssh_version is not vulnerable to CVE-2024-6387."


"Your OpenSSH version $ssh_version is vulnerable to CVE-2024-6387."

 Please contact the servicedesk if the script failed.

"Paused" machines can be updated after your next resume, they are not vulnerable in "paused" state.

How to get and use a terminal

If you are using SSH to log in to your workspace, you probably know how to use the terminal (SSH is the method based on public/private key-pairs).

If you are using a Jupyter Notebook or a RStudio workspace, there is an even easier to way to get a terminal and enter the command line given above.

Jupyter Notebook

The terminal is available in the lower part of the Jupyter Hub launcher view under "other":


Click on the icon to open a terminal tab. A terminal tab opens.

Copy/paste the command that is given above after the terminal prompt ("...:~$ ")


The terminal is available as a tab next to the "console" tab:


Go to the Terminal tab.

Copy/paste the command that is given above after the terminal prompt ("...:~$ ")


  • No labels