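Vulnerability overview
As the title says, the three vulnerabilities were published on January 26, 2019, and the affected device was found to be running OpenSSH 7.9.
All three security issues are scp-related and reside in openssh-client.
Solution:
The fix found so far that resolves the issue comes from the OpenSSH website. The release notes for the latest version, OpenSSH 8.0, published on April 26, state:
Quoted from: https://www.openssh.com/txt/release-8.0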
This release includes a number of changes that may affect existing
configurations:
- scp(1): Relating to the above changes to scp(1); the scp protocol
relies on the remote shell for wildcard expansion, so there is no
infallible way for the client’s wildcard matching to perfectly
reflect the server’s. If there is a difference between client and
server wildcard expansion, the client may refuse files from the
server. For this reason, we have provided a new “-T” flag to scp
that disables these client-side checks at the risk of
reintroducing the attack described above.
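OpenSSH 8.0 fixes the scp issues, so updating to the latest OpenSSH version remediates the vulnerabilities. On CentOS 7 the upgrade procedure is similar to the one for OpenSSH 7.9, with 8.0 substituted in the corresponding places. For reference, see: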
https://blog.csdn.net/weixin_43103905/article/details/87185884
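
To confirm the upgrade took effect and that no script opts back out of the client-side checks with the "-T" flag quoted above, the following is an added example and not part of the original post or of OpenSSH. The function names and the sample banners are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added audit helper (not from the original post). Sample banners are constructed.

# Exit status 0 if an `ssh -V` style banner reports OpenSSH >= 8.0,
# 1 if it reports an older release, 2 if the banner cannot be parsed.
openssh_has_scp_fix() {
    local banner="$1" ver major
    # Expected shape: "OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017"
    ver=$(printf '%s\n' "$banner" |
          sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    [ "$major" -ge 8 ]
}

# Print file:line:text for scp command lines that pass -T (alone or bundled,
# e.g. -rT). Matching stops at ; | & so a later command's -T is not counted.
find_scp_T() {
    grep -nHE '(^|[^[:alnum:]_-])scp([[:space:]]+[^[:space:];|&]+)*[[:space:]]+-[[:alnum:]]*T[[:alnum:]]*([[:space:]]|$)' "$@"
}

# Demo on constructed banners; on a real host use: openssh_has_scp_fix "$(ssh -V 2>&1)"
for b in "OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017" \
         "OpenSSH_8.0p1, OpenSSL 1.0.2k-fips  26 Jan 2017"; do
    if openssh_has_scp_fix "$b"; then
        echo "ok:      ${b%%,*}"
    else
        echo "upgrade: ${b%%,*}"
    fi
done
```

Distribution packages can carry backported fixes under an older version string, so the banner check is most meaningful for builds taken from upstream releases. Pass the script or crontab files to review as arguments to find_scp_T.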