Monday 8 july 2024
Vulnerability & Impact
A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd) for Ubuntu. An unauthenticated remote attacker may be able to run commands on a machine through the ssh protocol.
More information can be found here.
Secure ANalysis Environment (SANE)
A machine is only vulnerable if it has the SSH port open for the internet. For SANE projects this means data servers don't have to be updated.
Solution
The solution is to update SSHD on the machine. This can be done in two ways:
1 - Start new workspace
If you delete your vulnerable workspace and start a new one, a new version of the sshd packages will be installed.
2 - Update your active workspace
You can also update your active workspace. For this we have created a script.
The script does the following:
- Update the packages repository information
- Upgrade all packages
- Turn on automatic updates
- Check whether the script was successful, it returns results of the sshd version check.
To use the script go to a terminal on your machine and run the following command:
curl -s -L https://servicedesk.surf.nl/wiki/download/attachments/112591655/CVE-2024-6387.sh | sudo bash
Succes:
"Your OpenSSH version $ssh_version is not vulnerable to CVE-2024-6387."
Failure:
"Your OpenSSH version $ssh_version is vulnerable to CVE-2024-6387."
Please contact the servicedesk if the script failed.
How to get and use a terminal
If you are using SSH to log in to your workspace, you probably know how to use the terminal (SSH is the method based on public/private key-pairs).
If you are using a Jupyter Notebook or a RStudio workspace, there is an even easier to way to get a terminal and enter the command line given above.
Jupyter Notebook
The terminal is available in the lower part of the Jupyter Hub launcher view under "other":
Click on the icon to open a terminal tab. A terminal tab opens.
Copy/paste the command that is given above after the terminal prompt ("...:~$ ")
RStudio
The terminal is available as a tab next to the "console" tab:
Go to the Terminal tab.
Copy/paste the command that is given above after the terminal prompt ("...:~$ ")
Script: CVE-2024-6387.sh