Skip to main content

How to deal with "CVE-2024-6387" regreSSHion Bug on cPanel?

Answered

Comments

4 comments

  • Andrew
    Translate

    This is only vulnerable on Almalinux 9. 

    Suggested mitigation:
     
    Add or update the following line in the sshd_config file
    LoginGraceTime 0

    Andrew N. - cPanel Plesk VMWare Certified Professional
    Do you need immediate assistance? 20 minutes response time!* Open a ticket
    EmergencySupport - Professional Server Management and One-time Services

     

    0
  • TCH

    This was addressed by Almalinux yesterday, https://almalinux.org/blog/2024-07-01-almalinux-9-cve-2024-6387/

    [~]# rpm -q openssh
    openssh-8.7p1-38.el9.alma.2.x86_64

    [ ~]# rpm --changelog -q openssh-8.7p1-38.el9.alma.2.x86_64| less
    * Mon Jul 01 2024 Jonathan Wright <jonathan@almalinux.org> - 8.7p1-38.alma.2
    - Fix regreSSHion attack
      Resolves: CVE-2024-6387

     

    0
  • vacancy

    Almalinux 8

    root@server ~]# rpm -q openssh
    openssh-8.0p1-24.el8.x86_64

    Centos 7

    [root@server ~]# rpm -q openssh
    openssh-7.4p1-23.el7_9.x86_64

    Centos 7 and almalinux 8 are not affected.

     

    1
  • William Del Piero cPanel Staff

    Hi,

     

    We've recently published the following support article to guide our users through mitigating this vulnerability:

     

    OpenSSH Vulnerability regreSShion CVE-2024-6387

     

     

     

    0

Please sign in to leave a comment.