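OpenSSH security vulnerabilities (CVE-2018-15919), (CVE-2018-15473), ...

# Preface

During a third-party security vulnerability scan, the following OpenSSH vulnerabilities were reported:

OpenSSH security vulnerability (CVE-2018-15919):
Affected versions: OpenSSH >= 5.9 && <= 7.8

OpenSSH security vulnerability (CVE-2018-15473):
Affected versions: OpenSSH >= 5.9 && <= 7.8

OpenSSH security vulnerability (CVE-2017-15906), among others

The main remediation is to upgrade the ssh version.

Attachment: upgrade log: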
[BEGIN]2020/11/2715:07:55
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.76.118 netmask 255.255.255.0 broadcast 192.168.76.255
inet6 fe80::f816:3eff:fe74:1063 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:74:10:63 txqueuelen 1000(Ethernet)
RX packets 33926818 bytes 11952983054(11.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14835328 bytes 3285024214(3.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000(Local Loopback)
RX packets 14630411 bytes 1422776421(1.3 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14630411 bytes 1422776421(1.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:85:8e:a9 txqueuelen 1000(Ethernet)
RX packets 0 bytes 0(0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0(0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@xiaoyouban1 ~]#
[root@xiaoyouban1 ~]#
[root@xiaoyouban1 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@xiaoyouban1 ~]#
[root@xiaoyouban1 ~]#
[root@xiaoyouban1 ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@xiaoyouban1 ~]#
[root@xiaoyouban1 ~]#
[root@xiaoyouban1 ~]# cd /opt/
[root@xiaoyouban1 opt]# cat /etc/redhat-release
CentOS Linux release 7.7.1908(Core)
[root@xiaoyouban1 opt]#
[root@xiaoyouban1 opt]#
[root@xiaoyouban1 opt]# yum update openssh -y
[root@xiaoyouban1 opt]# yum update openssh -y
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
已加载插件:fastestmirror, langpacks
Determining fastest mirrors
* base: mirrors.163
* extras: mirrors.163
* updates: mirrors.163
base |3.6 kB 00:00:00
extras |2.9 kB 00:00:00
updates |2.9 kB 00:00:00
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
(1/4): base/7/x86_64/group_gz |153 kB 00:00:00
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
(2/4): extras/7/x86_64/primary_db |222 kB 00:00:00
(4/4): updates/7/x86_64/primary_db 48%[=========================]0.0 B/s |4.9 MB --:--:--ETA
(3/4): base/7/x86_64/primary_db |6.1 MB 00:00:00
(4/4): updates/7/x86_64/primary_db 63%[=================================]1.3 MB/s |6.4 MB 00:00:02ETA
(4/4): updates/7/x86_64/primary_db 79%[=========================================]1.5 MB/s |8.1 MB 00:00:01ETA
(4/4): updates/7/x86_64/primary_db |3.7 MB 00:00:01
No packages marked for update
[root@xiaoyouban1 opt]# yum install -y telnet-server* telnet xinetd
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.163
* extras: mirrors.163
* updates: mirrors.163
正在解决依赖关系
-->正在检查事务
--->软件包 telnet.x86_64.1.0.17-66.el7 将被安装
--->软件包 telnet-server.x86_64.1.0.17-66.el7 将被安装
--->软件包 xinetd.x86_64.2.2.3.15-14.el7 将被安装
-->解决依赖关系完成
依赖关系解决
========================================================================================================================== ================================
Package 架构版本源⼤⼩
========================================================================================================================== ================================
正在安装:
telnet x86_64 1:0.17-66.el7 updates 64 k
telnet-server x86_64 1:0.17-66.el7 updates 41 k
xinetd x86_64 2:2.3.15-14.el7 base 128 k
事务概要
========================================================================================================================== ================================
================================
安装3软件包
总下载量:234 k
安装⼤⼩:429 k
Downloading packages:
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
/f: line 3: ignoring trailing garbage ` '
/f: line 4: bad command `nospoof on '
(2/3): telnet-server-0.17-66.el7.x86_64.rpm 0%[]0.0 B/s |0 B --:--:--ETA
(1/3): xinetd-2.3.15-14.el7.x86_64.rpm |128 kB 00:00:03
(2/3): telnet-0.17-66.el7.x86_64.rpm |64 kB 00:00:03
(3/3): telnet-server-0.17-66.el7.x86_64.rpm |41 kB 00:00:03
----------------------------------------------------------------------------------------------------------------------------------------------------------
总计61 kB/s |234 kB 00:00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装:2:xinetd-2.3.15-14.el7.x86_64 1/3
正在安装:1:telnet-0.17-66.el7.x86_64 2/3
正在安装:1:telnet-server-0.17-66.el7.x86_64 3/3
验证中:1:telnet-server-0.17-66.el7.x86_64 1/3
验证中:1:telnet-0.17-66.el7.x86_64 2/3
验证中:2:xinetd-2.3.15-14.el7.x86_64 3/3
已安装:
telnet.x86_64 1:0.17-66.el7 telnet-server.x86_64 1:0.17-66.el7 xinetd.x86_64 2:2.3.15-14.el7
完毕!
[root@xiaoyouban1 opt]# systemctl enable xinetd.service
[root@xiaoyouban1 opt]#
[root@xiaoyouban1 opt]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
[root@xiaoyouban1 opt]# systemctl start telnet.socket
[root@xiaoyouban1 opt]# systemctl start xinetd.service
[root@xiaoyouban1 opt]# echo 'pts/0'>>/etc/securetty
[root@xiaoyouban1 opt]# echo 'pts/1'>>/etc/securetty
[root@xiaoyouban1 opt]# echo 'pts/2'>>/etc/securetty
[root@xiaoyouban1 opt]# yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
#### installation details omitted ####
已安装:
作为依赖被安装:
libstdc++-devel.x86_64 0:4.8.5-44.el7 m4.x86_64 0:1.4.16-10.el7
更新完毕:
gcc.x86_64 0:4.8.5-44.el7 gcc-c++.x86_64 0:4.8.5-44.el7 glibc.x86_64 0:2.17-317.el7
作为依赖被升级:
cpp.x86_64 0:4.8.5-44.el7 glibc-common.x86_64 0:2.17-317.el7 glibc-devel.x86_64 0:2.17-317.el7 glibc-headers.x86_64 0:2.17-317.el7
libgcc.x86_64 0:4.8.5-44.el7 libgomp.x86_64 0:4.8.5-44.el7 libstdc++.x86_64 0:4.8.5-44.el7 pam.x86_64 0:1.1.8-23.el7
完毕!
[root@xiaoyouban1 opt]# yum install -y pam* zlib*
#### installation details omitted ####
已安装:
pam_krb5.x86_64 0:2.4.8-6.el7 pam_pkcs11.x86_64 0:0.6.2-30.el7 pam_snapper.x86_64 0:0.2.8-4.el7 pam_ssh_agent_auth.x86_64 0:0.10.3-2.2 1.el7
zlib-static.x86_64 0:1.2.7-18.el7
作为依赖被安装:
boost-serialization.x86_64 0:1.53.0-28.el7 pcsc-lite-libs.x86_64 0:1.8.8-8.el7 snapper.x86_64 0:0.2.8-4.el7 snapper-libs.x86_64 0:0.2.8-4.el7
完毕!
[root@xiaoyouban1 opt]# wget -c openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.
#### omitted ####
[root@xiaoyouban1 opt]# wget -c /source/openssl-1.0.
#### omitted ####
[root@xiaoyouban1 opt]#
[root@xiaoyouban1 opt]# tar xfz openssh-8.
[root@xiaoyouban1 opt]# tar xfz openssl-1.0.
[root@xiaoyouban1 opt]# mv /usr/bin/openssl /usr/bin/openssl_bak
[root@xiaoyouban1 opt]# mv /usr/include/openssl /usr/include/openssl_bak
[root@xiaoyouban1 opt]# cd /opt/openssl-1.0.2r
[root@xiaoyouban1 openssl-1.0.2r]# ./config shared && make && make install
#### omitted ####
[root@xiaoyouban1 openssh-8.1p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@xiaoyouban1 openssh-8.1p1]# cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@xiaoyouban1 openssh-8.1p1]# chmod +x /etc/init.d/sshd
[root@xiaoyouban1 openssh-8.1p1]# chkconfig --add sshd
[root@xiaoyouban1 openssh-8.1p1]# systemctl enable sshd
[root@xiaoyouban1 openssh-8.1p1]# mv /usr/lib/systemd/system/sshd.service /opt/
[root@xiaoyouban1 openssh-8.1p1]# mv /usr/lib/systemd/system/sshd.socket /opt/
[root@xiaoyouban1 openssh-8.1p1]# chkconfig sshd on
[root@xiaoyouban1 openssh-8.1p1]# service sshd restart
Restarting sshd(via systemctl):[确定]
[root@xiaoyouban1 openssh-8.1p1]# openssl version
OpenSSL 1.0.2r 26 Feb 2019
[root@xiaoyouban1 openssh-8.1p1]# ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.2r 26 Feb 2019
[root@xiaoyouban1 openssh-8.1p1]# exit
登出
Connection closed by foreign host.
# 1. Check the current ssh version and upgrade to the latest version
cd /opt
ssh -V
openssl version
yum update openssh -y
# 2. Install, start and configure the telnet service, so that the server stays reachable if the ssh upgrade fails
yum install -y telnet-server* telnet xinetd
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd.service
echo 'pts/0'>>/etc/securetty
echo 'pts/1'>>/etc/securetty
echo 'pts/2'>>/etc/securetty
# 3. Upgrade ssh
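
An added example (not part of the original post): once the upgrade is finished, these checks confirm that the `ssh -V` banner is outside the range the scan reported (>= 5.9 && <= 7.8) and list what is left of the telnet fallback from step 2 (enabled units, `pts/N` entries in `/etc/securetty`) so it can be removed. The function names and the `--check-host` switch are illustrative; the sample banners are the two shown in the log above.

```sh
#!/bin/sh
# Added example: post-upgrade checks. Function names are illustrative.

# Extract MAJOR.MINOR from an `ssh -V` banner, e.g. "OpenSSH_7.4p1, ..." -> 7.4
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit 0 if the banner version lies in the range the scan reported
# (>= 5.9 and <= 7.8), 1 if outside it, 2 if the banner cannot be parsed.
in_reported_range() (
    v=$(openssh_version "$1")
    [ -n "$v" ] || exit 2
    # major*100+minor keeps a two-digit minor (5.10) ordered after 5.9
    n=$(( ${v%%.*} * 100 + ${v#*.} ))
    [ "$n" -ge 509 ] && [ "$n" -le 708 ]
)

# Print the pts/N lines in a securetty file; step 2 appends pts/0..pts/2 so
# that root can log in over telnet while sshd is being replaced.
securetty_pts_entries() {
    grep -E '^pts/[0-9]+$' "$1" 2>/dev/null || true
}

# Constructed sample input: the two banners that appear in the upgrade log.
OLD_BANNER='OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017'
NEW_BANNER='OpenSSH_8.1p1, OpenSSL 1.0.2r 26 Feb 2019'

# Check the live host only when asked: sh postcheck.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
    banner=$(ssh -V 2>&1)          # ssh -V writes its banner to stderr
    in_reported_range "$banner"; rc=$?
    case $rc in
        0) echo "FAIL: still in reported range: $banner" ;;
        1) echo "ok: $banner" ;;
        *) echo "WARN: unrecognised banner: $banner" ;;
    esac
    # Assumes systemd, as on the CentOS 7 host in the log.
    for u in telnet.socket xinetd.service; do
        systemctl -q is-enabled "$u" 2>/dev/null && echo "FAIL: $u still enabled"
    done
    for e in $(securetty_pts_entries /etc/securetty); do
        echo "FAIL: /etc/securetty still allows root login on $e"
    done
fi
```

The banner comparison mirrors what a version-based scanner sees; it says nothing about fixes a distribution may have backported into a package without changing the upstream version string.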