sshd CVE-2024-6387 vulnerability
-
@stephenw10, thanks.
-
Workaround
If sshd(8) cannot be updated, this signal handler race condition can be
mitigated by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and
restarting sshd(8). This makes sshd(8) vulnerable to a denial of service
(the exhaustion of all MaxStartups connections), but makes it safe from the
remote code execution presented in this advisory.

Is this the recommendation for older versions of pfSense currently?
-
Yes, the patch will set that.
-
And the patch is already there, good work Netgate!
-
-
@stephenw10 Will a fix for this be incorporated in the next 24.09-Development release?
Ted
-
Yes 24.08 will have an updated openssh version.
-
@stephenw10
How about the new CE 2.8.0? Is that alright as well?
-
2.8.0 has the patched code: https://github.com/pfsense/FreeBSD-src/commit/2abea9df01655633aabbb9bf3204c90722001202
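
Added example, not part of the thread and not Netgate's patch: a shell check for whether the LoginGraceTime 0 workaround quoted from the advisory is effective in an sshd_config file. The function names and the sample config are constructed for illustration; Include files are not followed.

```shell
#!/bin/sh
# Added example: verify the CVE-2024-6387 workaround (LoginGraceTime 0).

# Print the effective global LoginGraceTime from an sshd_config-style file.
# sshd uses the first value obtained for a keyword, keywords are
# case-insensitive, and keyword and value may be separated by spaces or "=".
# Parsing stops at the first Match block (global section only).
login_grace_time() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit          # end of global section
            if (key == "logingracetime" && n >= 2) {
                gsub(/"/, "", f[2])           # tolerate a quoted value
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "120" }       # sshd default when unset
    ' "$1"
}

# Return 0 if the workaround is effective (grace time disabled), 1 otherwise.
workaround_active() {
    case "$(login_grace_time "$1")" in
        0|0[smhdwSMHDW]) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config (not taken from a real system). The second
# LoginGraceTime line is ignored because the first value wins.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'logingracetime = 0' 'LoginGraceTime 120' > "$sample"
if workaround_active "$sample"; then
    echo "workaround active: LoginGraceTime is 0"
else
    echo "workaround NOT active: LoginGraceTime is $(login_grace_time "$sample")"
fi
rm -f "$sample"
```

On a live system, `sshd -T` prints the effective configuration, including any Include files, and is the authoritative check.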