OpenSSH Remote Unauthenticated Code Execution Vulnerability (regreSSHion) in Harbor 2.6.3 OVA VM

Article ID: 379250

Products

VMware Tanzu Kubernetes Grid Management

Issue/Introduction

To fix CVE-2024-6387 in Photon OS, we need to upgrade openssh to version 8.9p1-8.ph4.

Environment

Harbor 2.6.3

Cause

CVE fix in Harbor 2.6.3

Resolution

Harbor 2.6.3 has openssh version 8.8p1-3.ph4 installed:

root@harbor-test1 [ ~ ]# yum list installed | grep openssh

openssh-clients.x86_64                      8.8p1-3.ph4              @System
openssh-server.x86_64                       8.8p1-3.ph4              @System




root@harbor-test1 [ ~ ]# cat /etc/os-release
NAME="VMware Photon OS"
VERSION="4.0"
ID=photon
VERSION_ID=4.0
PRETTY_NAME="VMware Photon OS/Linux"
ANSI_COLOR="1;34"
HOME_URL="https://vmware.github.io/photon/"
BUG_REPORT_URL="https://github.com/vmware/photon/issues"


The latest version, 8.9p1-8.ph4, is available:

root@harbor-test1 [ ~ ]# yum list available | grep openssh
openssh.x86_64 8.4p1-2.ph4 photon-release
openssh-clients.x86_64 8.4p1-2.ph4 photon-release
openssh-server.x86_64 8.4p1-2.ph4 photon-release
openssh.x86_64 8.9p1-8.ph4 photon-updates
openssh-clients.x86_64 8.9p1-8.ph4 photon-updates
openssh-server.x86_64 8.9p1-8.ph4 photon-updates
openssh-socket.x86_64 8.9p1-8.ph4 photon-updates



To install 8.9p1-8.ph4, we also need to update the packages below.

ca-certificates-pki x86_64 20201001-4.ph4 photon-updates 766.32k 784712
bash x86_64 5.0-5.ph4 photon-updates 1.85M 1935809
ca-certificates x86_64 20201001-4.ph4 photon-updates 720.60k 737899
cracklib x86_64 2.9.7-4.ph4 photon-updates 44.59k 45657
coreutils-selinux x86_64 9.1-4.ph4 photon-updates 6.97M 7303465
openssh-clients x86_64 8.9p1-8.ph4 @cmdline 4.84M 5073733
openssh-server x86_64 8.9p1-8.ph4 @cmdline 1.14M 1196403


For air-gapped environments, we can download the 8.9p1-8.ph4 RPMs manually from https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/ on a machine that has internet access.

Download all the required packages using the commands below:

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/openssh-server-8.9p1-8.ph4.x86_64.rpm 

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/openssh-clients-8.9p1-8.ph4.x86_64.rpm

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/coreutils-selinux-9.1-4.ph4.x86_64.rpm

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/cracklib-2.9.7-4.ph4.x86_64.rpm

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/ca-certificates-20201001-4.ph4.x86_64.rpm

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/ca-certificates-pki-20201001-4.ph4.x86_64.rpm

wget https://packages.vmware.com/photon/4.0/photon_updates_4.0_x86_64/x86_64/bash-5.0-5.ph4.x86_64.rpm



Once the RPMs are downloaded, copy them to the Harbor OVA VM and install them using the command below:

root@harbor-test1 [ ~ ]# tdnf install ca-certificates-20201001-4.ph4.x86_64.rpm ca-certificates-pki-20201001-4.ph4.x86_64.rpm bash-5.0-5.ph4.x86_64.rpm coreutils-selinux-9.1-4.ph4.x86_64.rpm cracklib-2.9.7-4.ph4.x86_64.rpm openssh-clients-8.9p1-8.ph4.x86_64.rpm openssh-server-8.9p1-8.ph4.x86_64.rpm --nogpgcheck

openssh-server x86_64 8.9p1-8.ph4 @cmdline 1.14M 1196403
openssh-clients x86_64 8.9p1-8.ph4 @cmdline 4.84M 5073733
cracklib x86_64 2.9.7-4.ph4 @cmdline 44.59k 45657
coreutils-selinux x86_64 9.1-4.ph4 @cmdline 6.97M 7303465
bash x86_64 5.0-5.ph4 @cmdline 1.85M 1935809
ca-certificates-pki x86_64 20201001-4.ph4 @cmdline 766.32k 784712
ca-certificates x86_64 20201001-4.ph4 @cmdline 720.60k 737899

Total installed size: 16.29M 17077678

Is this ok [y/N]: y




After this, we need to reload the systemd daemon, restart the sshd service, and then make sure the new version of openssh is installed.

root@harbor-test1 [ ~ ]# systemctl daemon-reload
root@harbor-test1 [ ~ ]# systemctl restart sshd
root@harbor-test1 [ ~ ]# systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-10-09 06:27:11 UTC; 5s ago
   Main PID: 423704 (sshd)
      Tasks: 1 (limit: 9531)
     Memory: 1.1M
     CGroup: /system.slice/sshd.service
             └─423704 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Oct 09 06:27:11 harbor-test1.<FQDN> systemd[1]: Started OpenSSH Daemon.
Oct 09 06:27:11 harbor-test1.<FQDN> sshd[423704]: Server listening on 0.0.0.0 port 22.
Oct 09 06:27:11 harbor-test1.<FQDN> sshd[423704]: Server listening on :: port 22.

root@harbor-test1 [ ~ ]# yum list installed | grep openssh
openssh-clients.x86_64                      8.9p1-8.ph4              @System
openssh-server.x86_64                       8.9p1-8.ph4              @System
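
The final verification step above can be scripted so it fails loudly when any openssh package is still below the fixed build. This is an added example, not part of the original article; the function names are hypothetical, and the sample listings are the before and after outputs shown in the article.

```bash
#!/usr/bin/env bash
# Added example: confirm every installed openssh package is at or above
# the fixed build named in the article (8.9p1-8.ph4).
FIXED_VERSION="8.9p1-8.ph4"

# Return 0 when version $1 is >= version $2, using version-aware ordering.
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read lines in the format of "yum list installed | grep openssh" on stdin.
# Prints each openssh package still below FIXED_VERSION. Returns 1 if any
# such package was found, or if no openssh package line was seen at all.
check_openssh_listing() {
    local name version _repo seen=0 bad=0
    while read -r name version _repo || [ -n "$name" ]; do
        case "$name" in
            openssh*) ;;
            *) continue ;;
        esac
        seen=1
        if ! version_at_least "$version" "$FIXED_VERSION"; then
            echo "NOT FIXED: $name $version (need >= $FIXED_VERSION)"
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Sample input: the two listings shown in the article (before and after).
BEFORE='openssh-clients.x86_64   8.8p1-3.ph4   @System
openssh-server.x86_64    8.8p1-3.ph4   @System'
AFTER='openssh-clients.x86_64   8.9p1-8.ph4   @System
openssh-server.x86_64    8.9p1-8.ph4   @System'

# On the Harbor VM:
#   yum list installed | grep openssh | check_openssh_listing && echo "openssh fixed"
```

Because the install command above passes --nogpgcheck, running `rpm -K` on each downloaded RPM before copying it to the VM shows whether its digests and signature verify.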