[BlueOnyx:27078] Re: New OpenSSH vulnerability
Christoph Schneeberger
cschnee at box.telemedia.ch
Tue Jul 2 06:11:49 -05 2024
On 7/2/24 13:03, Christoph Schneeberger via Blueonyx wrote:
> On 7/2/24 08:48, Michael Stauber via Blueonyx wrote:
>>> As far as I can see, AlmaLinux was already patched:
>>>
>>> [root at alma ~]# rpm -qi openssh-server --changelog
>>> Name : openssh-server
>>> Version : 8.7p1
>>> Release : 38.el9.alma.2
>>> Architecture: x86_64
>>
>> Yeah, on AlmaLinux 9 it seems to be fixed now. But for AlmaLinux 8 a
>> fixed RPM doesn't seem to be out yet or the mirrors I'm trying
>> against aren't updated yet.
>>
>
> As a temporary workaround, setting MaxSessions in /etc/ssh/sshd_config
> to a value of ~4-8 should delay a possible attacker in the range of
> days to weeks. IIRC the default for MaxSessions is 1000 with which an
> attacker needs 4-8 hours to exploit it.
Sorry, wrong number, the default is 10.