Monday 8 July 2024

Vulnerability & Impact

A security regression of CVE-2006-5051, tracked as CVE-2024-6387, was discovered in OpenSSH’s server (sshd) for Ubuntu. An unauthenticated remote attacker may be able to run commands on a machine through the SSH protocol.

 More information can be found here.


Secure ANalysis Environment (SANE)

A machine is only vulnerable if its SSH port is open to the internet. For SANE projects this means data servers don't have to be updated.

Solution

The solution is to update sshd on the machine. This can be done in two ways:

1 - Start new workspace


If you delete your vulnerable workspace and start a new one, a new version of the sshd packages will be installed.

2 - Update your active workspace


You can also update your active workspace. For this we have created a script. 

The script does the following:

  • Update the packages repository information
  • Upgrade all packages
  • Turn on automatic updates
  • Check whether the update was successful and return the result of the sshd version check.


To use the script go to a terminal on your machine and run the following command:

curl -s -L https://servicedesk.surf.nl/wiki/download/attachments/112591655/CVE-2024-6387.sh | sudo bash


Success:

"Your OpenSSH version $ssh_version is not vulnerable to CVE-2024-6387."

Failure:

"Your OpenSSH version $ssh_version is vulnerable to CVE-2024-6387."

 Please contact the servicedesk if the script failed.
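
The command above pipes the download straight into a root shell, so an HTTP error page, a login page or a truncated transfer would be executed as-is. As an added example (not part of the original page or of SURF's script), the following downloads the script to a file, checks that it is a complete shell script, and lets you read it before running it; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not SURF's own code. Function names are hypothetical.
SCRIPT_URL="https://servicedesk.surf.nl/wiki/download/attachments/112591655/CVE-2024-6387.sh"

# Succeeds only if the file is non-empty, is not an HTML page (for example a
# login or error page served instead of the attachment), and parses as a
# complete bash script. bash -n only parses; it does not execute anything.
looks_like_shell_script() {
    [ -s "$1" ] || return 1
    if head -n 5 "$1" | grep -qiE '<!doctype html|<html'; then
        return 1
    fi
    bash -n "$1" 2>/dev/null
}

# Download to a temporary file, validate, show the checksum and the script,
# and run it with sudo only after explicit confirmation.
fetch_review_run() {
    tmp="$(mktemp)" || return 1
    # -f: fail on HTTP errors, -sS: quiet but report errors,
    # -L: follow redirects, --proto: require HTTPS for the request.
    if ! curl -fsSL --proto '=https' -o "$tmp" "$SCRIPT_URL"; then
        echo "Download failed; nothing was run." >&2
        rm -f "$tmp"; return 1
    fi
    if ! looks_like_shell_script "$tmp"; then
        echo "Downloaded file is not a complete shell script; nothing was run." >&2
        rm -f "$tmp"; return 1
    fi
    sha256sum "$tmp"
    ${PAGER:-less} "$tmp"
    printf 'Run this script as root? [y/N] '
    read -r answer
    if [ "$answer" = "y" ]; then
        sudo bash "$tmp"; status=$?
    else
        echo "Aborted; nothing was run."; status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    fetch_review_run
fi
```

Save the block to a file of your choice and start it with the `--run` argument; without that argument it only defines the functions.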



"Paused" machines can be updated after your next resume; they are not vulnerable while in the "paused" state.

How to get and use a terminal

If you are using SSH to log in to your workspace, you probably know how to use the terminal (SSH is the method based on public/private key-pairs).

If you are using a Jupyter Notebook or an RStudio workspace, there is an even easier way to get a terminal and enter the command line given above.

Jupyter Notebook

The terminal is available in the lower part of the Jupyter Hub launcher view under "other":

 


Click on the icon; a terminal tab opens.

Copy the command given above and paste it after the terminal prompt ("...:~$ ").

RStudio

The terminal is available as a tab next to the "console" tab:

 


Go to the Terminal tab.

Copy the command given above and paste it after the terminal prompt ("...:~$ ").

Script: CVE-2024-6387.sh

