OpenSSH Vulnerabilities CVE-2023-38408, CVE-2023-28531, CVE-2024-6387, CVE-2023-51767
Article ID: 387634
Updated On: 02-17-2025
Products
VMware Telco Cloud Automation
Issue/Introduction
Security vulnerabilities in OpenSSH were reported and identified in both TCA and Airgap. These vulnerabilities were assessed based on the installed OpenSSH versions, and corresponding remediation steps have been provided.
CVE-2023-38408
CVE-2023-28531
CVE-2024-6387
CVE-2023-51767
Resolution
Check OpenSSH Versions.
- Verify the installed OpenSSH versions with:
  # ssh -V
- Ensure that OpenSSH 8.9p1-8.ph4 (or a later version) is installed.
Disable SSH in the production environment.
- According to VMware best practices, SSH access should be disabled in production environments unless it is absolutely required.
- Please refer to the TCA Security Configuration Guide for detailed instructions.
Keep an eye out for future updates.
- Ensure that TCA Manager, Control Plane, and Airgap Server are always updated with the latest patches and releases.
- Subscribe to VMware security advisories to stay informed about updates on OpenSSH and other vulnerabilities.
Additional Information
CVE Details and Impact Assessment
CVE-2023-38408 - OpenSSH Remote Code Execution Vulnerability via Forwarded Agent Socket
Resolved in OpenSSH 8.9p1-1.ph4
Impact on TCA:
- Not Affected: TCA Manager, Control Plane, and Airgap Servers running OpenSSH 8.9p1-1.ph4 or higher.
CVE-2023-28531 - OpenSSH Sensitive Information Disclosure Vulnerability
Resolved in OpenSSH 8.9p1-2.ph4
Impact on TCA:
- Not Affected: TCA Manager, Control Plane, and Airgap Servers running OpenSSH 8.9p1-2.ph4 or higher.
CVE-2024-6387 - OpenSSH Signal Handler Race Condition Vulnerability (regreSSHion)
Resolved in OpenSSH 8.9p1-8.ph4
Impact on TCA:
TCA Manager and Control Plane:
- This vulnerability has only been observed on certain 32-bit Linux systems.
- TCA Manager and Control Plane run on 64-bit Linux, thus are unaffected.
- Current OpenSSH Version: 8.9p1-7.ph4 (upgrade to 8.9p1-8.ph4 scheduled for the next release).
- Mitigation: It is recommended to disable SSH in production environments as outlined in the TCA Security Configuration Guide.
TCA Airgap Server:
- The latest OpenSSH version is installed, and the system is not impacted.
CVE-2023-51767 - OpenSSH Authentication Bypass via Rowhammer Attack
Status: No fix available upstream.
Impact on TCA:
- The attack was demonstrated on modified sshd binaries, not on standard OpenSSH.
- Not Affected: TCA Manager, Control Plane, and Airgap Server do not include the modified OpenSSH version.
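The version check in the Resolution steps and the per-CVE fix levels above can be combined into one script; this is an added example, not VMware-supplied code. It compares an installed package version-release (such as 8.9p1-7.ph4) against the resolved-in releases listed in this article. Assumptions: the appliance uses RPM, the package is named "openssh", and sort supports -V; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code). Fix levels below are copied from this article.
# CVE-2023-51767 is omitted: the article lists no fixed release for it.
FIX_TABLE='CVE-2023-38408 8.9p1-1.ph4
CVE-2023-28531 8.9p1-2.ph4
CVE-2024-6387 8.9p1-8.ph4'

# version_ge A B: true when A sorts at or after B in version order.
# Assumes a sort(1) that supports -V (GNU coreutils).
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# cve_status INSTALLED: print "<CVE> <status> <fixed-in>" for each table row.
cve_status() {
    installed=$1
    printf '%s\n' "$FIX_TABLE" | while read -r cve fixed; do
        if version_ge "$installed" "$fixed"; then
            echo "$cve at-or-above-fix $fixed"
        else
            echo "$cve below-fix $fixed"
        fi
    done
}

# installed_openssh: version-release of the openssh RPM, e.g. 8.9p1-7.ph4.
# Assumption: the appliance uses RPM and the package is named "openssh".
installed_openssh() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh 2>/dev/null | head -n 1
}

# Use the first argument if given, otherwise ask the RPM database.
# rpm prints "package openssh is not installed" on a miss, so filter that out.
ver=${1:-$(installed_openssh)}
if [ -n "$ver" ] && [ "${ver#package }" = "$ver" ]; then
    cve_status "$ver"
else
    echo "openssh package version not available from rpm" >&2
fi
```

A below-fix result only means the package predates the listed release; the impact assessment above (for example, the 64-bit note for CVE-2024-6387) still decides whether the system is affected.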