Table of contents
1. SSH low version vulnerability information
OpenSSH GSSAPI handles remote code execution vulnerability
OpenSSH GSSAPI Authentication Termination Information Disclosure Vulnerability
OpenSSH X connection session hijacking vulnerability
2. Upgrade the ssh version to fix the vulnerability
The first step is to install Telnet service
The second step is to restart the service
The third step is to install the dependent environment
Step 4: Back up old ssh version files
Step 5: Import the service package and unzip it
Step 6: Enter the service directory to compile and install
Step 7: Check whether the compilation and installation are successful
Step 9: Copy the source code startup script
Step 10 Modify the configuration file
Step 11 Modify the configuration ssd file
Step 12 Copy the file and let the directory recognize it
Step 14 View old version information
Step 15 View using absolute path
Step 16 View with another version file
1. SSH low version vulnerability information
OPENSSH has three major security vulnerabilities, as follows:
OpenSSH GSSAPI handles remote code execution vulnerability
Vulnerability classification daemon class
High risk level
Affected platforms OpenSSH OpenSSH < 4.4
Detailed description of the remote code execution vulnerability in portable versions of OpenSSH before 4.3. An attacker can exploit the inability of race to handle specially crafted
The signal handler causes denial of service. If GSSAPI authentication is passed, the attacker can execute arbitrary code on the system.
Patching The following actions are recommended for patching to reduce threats: Upgrade to OpenSSH 4.4 or the latest version of OpenSSH. OpenSSH 4.4
released ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/
Reference URL# MLIST:[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released #
URL:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2
OpenSSH GSSAPI Authentication Termination Information Disclosure Vulnerability
Vulnerability number 000a03fa
Vulnerability classification daemon class
Danger level
Detailed description: There is an information leakage vulnerability in the GSSAPI authentication of the OpenSSH portable version. A remote attacker can use the GSSAPI authentication to terminate the postback
Different error messages and confirmation usernames are not platform specific and thus the attacker can obtain information about the usernames.
It is recommended to upgrade to OpenSSH 4.4 or the latest version of OpenSSH. OpenSSH 4.4 released
http://www.openssh.com/txt/release-4.4
Reference URL* BUGTRAQ:20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-
server * URL:http://www.securityfocus.com/archive/1/archive/1/447861/100/200/threaded
OpenSSH X connection session hijacking vulnerability
Vulnerability classification daemon class
Danger level
AFFECTING PLATFORMS OpenSSH < 4.3p2
Detailed Description When logging in via SSH with X11 forwarding enabled, sshd(8) does not correctly handle the failure to bind to the IPv4 port but successfully binds to the IPv6 port
mouth situation. In this case, the device using
hair. A malicious user can listen for X11 connections on unused IPv4 ports such as tcp 6010 port. When an unsuspecting user logs in and creates an X11 transfer
When released, a malicious user could capture all X11 data sent over the port, which could reveal sensitive information or allow execution with the permissions of the user using X11 forwarding.
line command.
Patching recommendations recommend that you take the following steps to patch to reduce the threat: OpenSSH has provided an updated download address: #OpenSSH
openssh-3.9p1-skip-used.patch http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-
3.9p1-
skip-used.patch?rev=1.1&view=markup
Reference URL* BUGTRAQ:20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-
server * URL:http://www.securityfocus.com/archive/1/archive/1/490054/100/0/threaded
2. Upgrade the ssh version to fix the vulnerability
The first step is to install Telnet service
Command: rpm -q telne-server
The second step is to restart the service
Instruction: systemctl restart telnet.socket
The third step is to install the dependent environment
命令:yum -y install gcc gcc-c++ openssl-devel pam-devel zlib zlib-devel
Step 4: Back up old ssh version files
Command: mv /etc/ssh /opt/ssh.bak
Step 5: Import the service package and unzip it
Command: tar xf [service package name]
Step 6: Enter the service directory to compile and install
Command: ./configure --sysconfdir=/etc/ssh
Step 7: Check whether the compilation and installation are successful
Command: echo $?
Step 8: Compile and install
Instruction: make -j4 && make install
Step 9: Copy the source code startup script
Command: cp /opt/openssh-8.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
Step 10 Modify the configuration file
Command: vim /etc/init.d/sshd
Step 11 Modify the configuration ssd file
Command: vim /etc/sshd/sshd_config
Step 12 Copy the file and let the directory recognize it
Command: vim /opt/openssh-8.3p1/contrib/ssh-copy-id /usr/local/bin
Step 13 File Empowerment
Command: chmod 777 ssh-copy-id
Step 14 View old version information
Command: ssh -V
Step 15 View using absolute path
Command: /usr/local/sbin/sshd -V
Step 16 View with another version file
Command: /usr/bin/ssh -V
Step 17 Optimize file path
Command: mv /opt/openssh-8.3p1/ssh /usr/bin