CVE-2024-6387: OpenSSH Remote Code Execution Vulnerability
Description
On July 1, 2024, a security research institute outside China published a vulnerability notice on regreSSHion, a remote code execution (RCE) vulnerability in the OpenSSH server (sshd) on glibc-based Linux systems (CVE-2024-6387). The vulnerability affects OpenSSH versions 8.5p1 or later but earlier than 8.8p1-2.r34. sshd calls functions that are not async-signal-safe from its SIGALRM signal handler. As a result, an unauthenticated attacker can exploit this vulnerability to execute arbitrary code as user root on the victim's Linux system. The vulnerability has a wide impact, and its technical details and PoC have been disclosed. You are advised to fix the vulnerability in a timely manner.
For details about the HCE SA, see HCE2-SA-2024-0224.
Impacts and Risks
Unauthenticated attackers can exploit this vulnerability to execute arbitrary code as user root on the Linux system, compromising confidentiality, integrity, and availability.
Identification Method
- Check the HCE OS version. If the version is HCE 2.0, go to the next step. If the version is HCE 1.1, the system is not affected by the vulnerability.
cat /etc/hce-latest
- Check the OpenSSH version. If the version is earlier than 8.8p1-2.r34, OpenSSH is affected by the vulnerability.
rpm -qa | grep openssh
Solution
- Upgrade the OpenSSH version.
yum update openssh
Verify that the OpenSSH version is 8.8p1-2.r34 or later.
rpm -qa | grep openssh
- Restart the sshd service.
systemctl restart sshd
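Step 2 of the identification method and the verification after the update both compare a version-release string against 8.8p1-2.r34, which is easy to misjudge by eye (r9 is older than r34). The script below is an added example, not code from this bulletin or from Huawei: the function names vercmp and is_affected are hypothetical, the comparison is a simplified form of rpm's ordering, and the sample strings (including the .hce2 suffix) are constructed. The HCE version check in step 1 is still done separately.

```shell
#!/bin/sh
# Added example, not Huawei's tooling. Compares two version strings the way
# rpm orders them (digit runs numerically, letter runs lexically); simplified:
# "~" and "^" markers and epochs are not handled. Prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" '
    function seg(s, re) { return match(s, re) ? substr(s, 1, RLENGTH) : "" }
    BEGIN {
        while (1) {
            sub(/^[^A-Za-z0-9]+/, "", a); sub(/^[^A-Za-z0-9]+/, "", b)
            if (a == "" || b == "") break
            num = (a ~ /^[0-9]/)
            re = num ? "^[0-9]+" : "^[A-Za-z]+"
            x = seg(a, re); y = seg(b, re)
            if (y == "") { print (num ? 1 : -1); exit }  # digits outrank letters
            a = substr(a, length(x) + 1); b = substr(b, length(y) + 1)
            if (num) { x += 0; y += 0 }
            if (x != y) { print (x < y ? -1 : 1); exit }
        }
        print (a == "" ? (b == "" ? 0 : -1) : 1)  # leftover segments mean newer
    }'
}

# Exit status 0 if VERSION-RELEASE is in the range this bulletin gives:
# 8.5p1 or later but earlier than 8.8p1-2.r34.
# Constructed samples: 8.8p1-2.r33.hce2 -> affected, 8.8p1-2.r34.hce2 -> not.
is_affected() {
    ver=${1%-*}; rel=${1##*-}            # split at the last "-"
    [ "$(vercmp "$ver" 8.5p1)" -ge 0 ] || return 1
    c=$(vercmp "$ver" 8.8p1)
    [ "$c" -eq 0 ] && c=$(vercmp "$rel" 2.r34)
    [ "$c" -lt 0 ]
}

# On a host with rpm and openssh installed, check the installed package.
if command -v rpm >/dev/null 2>&1 &&
   vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh 2>/dev/null); then
    if is_affected "$vr"
    then echo "openssh $vr: in the affected range, update required"
    else echo "openssh $vr: outside the affected range"
    fi
fi
```

Run it once before `yum update openssh` and again after the update to confirm the package has left the affected range.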