OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

[jezcaudle]

Version

2.4.100

Installation Method

Security Onion ISO image

Description

upgrading

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Meets minimum requirements

CPU

4

RAM

16

Storage for /

2G

Storage for /nsm

2G

Network Traffic Collection

span port

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hi,

I'm running 2.4.100 and I have run soup and it is telling me that I'm all up to date. But:

ssh -V
OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

Which according to my Security Onion Alerts screen is a vulnerable as per CVE-2024-6409.

I've read the docs regarding updating and as far as I can tell I'm fully up to date.

cat /etc/soversion
2.4.100
cat /etc/sohotfix
20240903

I have rebooted the manager for good measure but the SSH version is still old.

Is there anything I can do to update?

Thanks,

Jez.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[kvkamin]

Oracle package installed is openssh-server-8.7p1-38.0.2.el9_4.4.x86_64

2024-06-26 - Alex Burmashev [email protected] - 8.7p1-38.0.2

• Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468]
  Resolves CVE-2024-6387

[kvkamin]

Sorry, I just realized you referenced a different vuln. CVE-2024-6409 should only affect Red Hat.

[TOoSmOotH]

https://linux.oracle.com/cve/CVE-2024-6409.html

As mentioned previously Oracle Linux is not vulnerable to this.

That Suricata rule you are referencing has a high false positive rate since its just using version. Some vulnerability scanners out there do the same thing where they see systems as vulnerable. This is because patches are backported into the existing version to fix the vulnerabilities.

[jezcaudle]

Thank you.