9Fendi (九分地): not much, but enough
www.9fendi.com

Fixing the Alibaba Cloud vulnerability alert RHSA-2017:2563: openssh security update

Alibaba Cloud vulnerability alert: RHSA-2017:2563: openssh security update

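Basic information
Title: OpenSSH user enumeration vulnerability
CVSS score: 4.3
CVSS: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Disclosure date: 2017-02-13 00:00:00
CVEID: CVE-2016-6210

Introduction:
OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools for secure access to remote computers, maintained by the OpenBSD project.

OpenSSH has a user enumeration vulnerability. The OpenSSH SSH daemon allows users to be enumerated through timing differences during authentication.

Solution:
On the vulnerability handling page, select the affected server and vulnerability, generate the fix command, then log in to the server and run it.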

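I stared at this for a long time and was still lost...

My own fix

Log in remotely and upgrade OpenSSH by reinstalling it from the command line: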

# yum update openssh

The output looks like this:

Loaded plugins: fastestmirror
Setting up Update Process
Determining fastest mirrors
base | 3.7 kB 00:00
epel | 4.7 kB 00:00
epel/primary_db | 6.0 MB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 7.0 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package openssh.x86_64 0:5.3p1-122.el6 will be updated
--> Processing Dependency: openssh = 5.3p1-122.el6 for package: openssh-server-5.3p1-122.el6.x86_64
--> Processing Dependency: openssh = 5.3p1-122.el6 for package: openssh-clients-5.3p1-122.el6.x86_64
---> Package openssh.x86_64 0:5.3p1-123.el6_9 will be an update
--> Running transaction check
---> Package openssh-clients.x86_64 0:5.3p1-122.el6 will be updated
---> Package openssh-clients.x86_64 0:5.3p1-123.el6_9 will be an update
---> Package openssh-server.x86_64 0:5.3p1-122.el6 will be updated
---> Package openssh-server.x86_64 0:5.3p1-123.el6_9 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================
Package Arch Version Repository Size
==================================================================================================
Updating:
openssh x86_64 5.3p1-123.el6_9 updates 277 k
Updating for dependencies:
openssh-clients x86_64 5.3p1-123.el6_9 updates 444 k
openssh-server x86_64 5.3p1-123.el6_9 updates 329 k

Transaction Summary
==================================================================================================
Upgrade 3 Package(s)

Total download size: 1.0 M
Is this ok [y/N]:

Enter y and press Enter to continue.

The output looks like this:

Downloading Packages:
(1/3): openssh-5.3p1-123.el6_9.x86_64.rpm | 277 kB 00:00
(2/3): openssh-clients-5.3p1-123.el6_9.x86_64.rpm | 444 kB 00:00
(3/3): openssh-server-5.3p1-123.el6_9.x86_64.rpm | 329 kB 00:00
--------------------------------------------------------------------------------------------------
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssh-5.3p1-123.el6_9.x86_64 1/6
Updating : openssh-clients-5.3p1-123.el6_9.x86_64 2/6
Updating : openssh-server-5.3p1-123.el6_9.x86_64 3/6
Cleanup : openssh-server-5.3p1-122.el6.x86_64 4/6
Cleanup : openssh-clients-5.3p1-122.el6.x86_64 5/6
Cleanup : openssh-5.3p1-122.el6.x86_64 6/6
Verifying : openssh-clients-5.3p1-123.el6_9.x86_64 1/6
Verifying : openssh-5.3p1-123.el6_9.x86_64 2/6
Verifying : openssh-server-5.3p1-123.el6_9.x86_64 3/6
Verifying : openssh-server-5.3p1-122.el6.x86_64 4/6
Verifying : openssh-5.3p1-122.el6.x86_64 5/6
Verifying : openssh-clients-5.3p1-122.el6.x86_64 6/6

Updated:
openssh.x86_64 0:5.3p1-123.el6_9

Dependency Updated:
openssh-clients.x86_64 0:5.3p1-123.el6_9 openssh-server.x86_64 0:5.3p1-123.el6_9

Complete!

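The upgrade is now installed. Finally, restart the server and verify the result on the vulnerability page of the Alibaba Cloud console.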
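A way to confirm the upgrade from the shell before checking the console, as an added example that is not part of the original post. It flags el6 openssh packages whose release is below 123, the build the yum transcript above installed. The function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check `rpm -q` style package
# names against the build installed in the transcript (5.3p1-123.el6_9).

FIXED_RELEASE=123   # release number taken from the yum transcript above

# check_pkg NAME-VERSION-RELEASE.ARCH
# Prints patched / outdated / unknown; exit status 0 only when patched.
check_pkg() {
    case "$1" in
        openssh-5.3p1-*|openssh-server-5.3p1-*|openssh-clients-5.3p1-*) ;;
        *) echo unknown; return 2 ;;   # not an el6 5.3p1 build: out of scope
    esac
    rel=${1##*-5.3p1-}   # e.g. "122.el6.x86_64"
    rel=${rel%%.*}       # e.g. "122"
    case "$rel" in
        ''|*[!0-9]*) echo unknown; return 2 ;;
    esac
    if [ "$rel" -ge "$FIXED_RELEASE" ]; then
        echo patched; return 0
    fi
    echo outdated; return 1
}

# audit_inventory: reads one package name per line on stdin, prints a verdict
# for each, and returns the number of packages that are not patched.
audit_inventory() {
    bad=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        verdict=$(check_pkg "$pkg") || bad=$((bad + 1))
        printf '%-45s %s\n' "$pkg" "$verdict"
    done
    return "$bad"
}

# Constructed sample: a host where only openssh-clients has been updated.
sample_inventory() {
    cat <<'EOF'
openssh-5.3p1-122.el6.x86_64
openssh-server-5.3p1-122.el6.x86_64
openssh-clients-5.3p1-123.el6_9.x86_64
EOF
}

sample_inventory | audit_inventory || echo "=> still needs: yum update openssh"
```

On a real server, feed it the live package list instead of the sample: `rpm -q openssh openssh-server openssh-clients | audit_inventory`.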

 

 
