How to easily fix OpenSSH RegreSSHion vulnerability

by
@_indyman

The regreSSHion vulnerability CVE-2024-6387 is a critical remote unauthenticated code execution (RCE) vulnerability affecting OpenSSH server (sshd) on glibc-based Linux systems. If exploited, this vulnerability can lead to:

  • Complete system takeover
  • Installation of malware
  • Data manipulation and exfiltration
  • Creation of backdoors for persistent access
  • Network propagation to other systems within the organization

Exploiting this vulnerability allows attackers to bypass critical security mechanisms and cause significant damage.

Solution for Ubuntu

Check your Ubuntu version

To check your Ubuntu version, run the following command in your terminal:

lsb_release -a

This command will display information about your Ubuntu distribution, including the release name.

How to fix the vulnerability

To fix the regreSSHion vulnerability on your Ubuntu server, follow these steps:

  1. Update the package list and install available updates:

    sudo apt update
    sudo apt upgrade
    
  2. Ensure you are running the latest version of OpenSSH for your release:

    sudo apt install --only-upgrade openssh-server
    

Check if the fix is installed

Ensure the version at least matches the patched version for your Ubuntu release:

dpkg -l | grep openssh-server
  • Jammy: 1:8.9p1-3ubuntu0.10
  • Mantic: 1:9.3p1-1ubuntu3.6
  • Noble: 1:9.6p1-3ubuntu13.3

Protect your server with automatic updates

Unattended Upgrades is a package on Ubuntu that allows automatic installation of security updates and critical packages without user intervention. This can help ensure that your system is always up-to-date with the latest security patches, including the fix for vulnerabilities like regreSSHion.

If you had unattended upgrades configured on your Ubuntu system, it would have automatically applied the security update for OpenSSH as soon as it was available, thereby mitigating the vulnerability without requiring manual intervention.

How to Set Up Unattended Upgrades

Follow these steps to set up unattended upgrades on your Ubuntu system:

  1. Install Unattended Upgrades:

    sudo apt update
    sudo apt install unattended-upgrades
    
  2. Enable Unattended Upgrades:

    sudo dpkg-reconfigure --priority=medium unattended-upgrades
    

Checking If Unattended Upgrades Is Working

To verify that unattended upgrades are functioning correctly:

  1. Check the Status of the Service:

    sudo systemctl status unattended-upgrades
    
  2. Review the Log Files:

    Review the logs to see if updates have been applied:

    sudo tail -f /var/log/unattended-upgrades/unattended-upgrades.log
    

By setting up unattended upgrades, you can ensure that critical security updates, like those for the regreSSHion vulnerability, are applied automatically, enhancing the security of your Ubuntu server without manual intervention.

👉 Stay tuned for the upcoming course to secure your server