How to deal with "CVE-2024-6387" regreSSHion Bug on cPanel?
AnsweredregreSSHion, CVE-2024-6387, is an unauthenticated remote code execution in OpenSSH’s server (sshd) that grants full root access. It affects the default configuration and does not require user interaction. It poses a significant exploit risk.
Reference: https://www.qualys.com/regresshion-cve-2024-6387/
How to protect our cPanel servers from this?
-
This is only vulnerable on Almalinux 9.
Suggested mitigation:Add or update the following line in the sshd_config fileLoginGraceTime 0
Andrew N. - cPanel Plesk VMWare Certified Professional
Do you need immediate assistance? 20 minutes response time!* Open a ticket
EmergencySupport - Professional Server Management and One-time Services0 -
This was addressed by Almalinux yesterday, https://almalinux.org/blog/2024-07-01-almalinux-9-cve-2024-6387/
[~]# rpm -q openssh
openssh-8.7p1-38.el9.alma.2.x86_64
[ ~]# rpm --changelog -q openssh-8.7p1-38.el9.alma.2.x86_64| less
* Mon Jul 01 2024 Jonathan Wright <jonathan@almalinux.org> - 8.7p1-38.alma.2
- Fix regreSSHion attack
Resolves: CVE-2024-63870 -
Almalinux 8
root@server ~]# rpm -q openssh
openssh-8.0p1-24.el8.x86_64Centos 7
[root@server ~]# rpm -q openssh
openssh-7.4p1-23.el7_9.x86_64Centos 7 and almalinux 8 are not affected.
1 -
Hi,
We've recently published the following support article to guide our users through mitigating this vulnerability:
OpenSSH Vulnerability regreSShion CVE-2024-6387
0
Please sign in to leave a comment.
Comments
4 comments