Critical Security Alert: CVE-2024-6387 Vulnerability Affects Ubuntu 20.04/22.04 LTS

  • Wednesday, 23rd October, 2024
  • 10:53am

Dear Valued Customers,

Greetings from GB Cloud,

We want to inform you about a critical vulnerability, CVE-2024-6387, known as regreSSHion. It affects:

- Users running Ubuntu 20.04 LTS
- Users running Ubuntu 22.04 LTS

Vulnerability Details:

regreSSHion, CVE-2024-6387, is an unauthenticated remote code execution vulnerability in OpenSSH’s server (sshd) that grants full root access. It affects the default configuration and does not require user interaction.

Mitigation for Ubuntu:

To safeguard your Ubuntu systems against this vulnerability, please follow the steps below:

1. Log in to the server via SSH.
2. Run the command below:

vi /etc/ssh/sshd_config

3. In the editor, find the line for LoginGraceTime and set its value to 0 as follows:

LoginGraceTime 0

If that line begins with a # symbol, remove the # to uncomment it.

4. Save and exit the editor.
5. Restart the SSH daemon to apply the changes:

systemctl restart sshd

Applying this configuration change enhances your system's security against potential exploitation.
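
The steps above can also be scripted. The following is an added example, not a GB Cloud script; the function names set_login_grace_time and apply_mitigation are hypothetical. It makes the edit idempotent, checks the configuration with sshd -t before restarting so that a typo cannot lock you out, and reads back the effective value with sshd -T.

```sh
#!/bin/sh
# Added example (not GB Cloud's own script). Function names are hypothetical.

# Rewrite an sshd_config-style file so the global section holds exactly one
# active "LoginGraceTime 0". sshd uses the first value it reads for a keyword,
# so appending a new line after an existing active one would have no effect.
set_login_grace_time() {
    cfg=$1
    cp -p "$cfg" "$cfg.bak" || return 1          # keep a rollback copy
    awk '
    {
        key = $0
        sub(/^[ \t]*#?[ \t]*/, "", key)          # drop indent and one leading "#"
        kw = tolower(key)
        sub(/[ \t=].*$/, "", kw)                 # keyword only, case-insensitive
        active = ($0 !~ /^[ \t]*#/)
        if (kw == "match" && active && !done) {  # global section ends here
            print "LoginGraceTime 0"; done = 1
        }
        if (kw == "logingracetime") {
            if (!done) { print "LoginGraceTime 0"; done = 1 }
            else if (!active) print              # keep later comments only
            next
        }
        print
    }
    END { if (!done) print "LoginGraceTime 0" }
    ' "$cfg.bak" > "$cfg"
}

# Steps 2-5 on a live host: edit, validate, restart, then read back the
# effective value (this also catches an override from an Include'd file).
apply_mitigation() {
    cfg=${1:-/etc/ssh/sshd_config}
    set_login_grace_time "$cfg" || return 1
    if ! sshd -t -f "$cfg"; then                 # never restart on a bad config
        cp -p "$cfg.bak" "$cfg"; return 1
    fi
    systemctl restart sshd || return 1
    sshd -T -f "$cfg" | grep -qx 'logingracetime 0'
}

# Run as root with --apply to change the live configuration.
if [ "${1:-}" = "--apply" ]; then apply_mitigation; fi
```

Without --apply the script only defines the functions; the previous configuration is kept beside the file as sshd_config.bak.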

If you have any questions or require assistance with the mitigation process, please don’t hesitate to reach out to our support team.

Thank you for your attention to this crucial matter and for your continued trust in GB Cloud.

Warm regards,

Technical Support Department
------------------------------------
https://www.gbcloud.net
Tel: +(603)-8686 5540 | Fax: +(603)-8686 5541
Like us on Facebook: https://fb.me/gbcloud.net
Follow us on Twitter: https://twitter.com/gbcloud_net
