OpenSSH Vulnerability CVE-2024-6387 Mitigation

Issue Summary

A vulnerability has been identified in the OpenSSH server (sshd), referenced as CVE-2024-6387. It is a race condition in a signal handler: when a client fails to authenticate within the LoginGraceTime window, sshd's SIGALRM handler calls functions that are not safe to call from a signal handler. Because this code runs in the root-owned, pre-authentication part of sshd, a remote attacker who wins the race could execute code as root on affected Linux systems without ever authenticating.

Mitigation Steps

To mitigate this issue immediately, set LoginGraceTime to 0 in /etc/ssh/sshd_config, then validate the file with sshd -t and reload sshd so the change takes effect. The directive must appear in the global section of the file (before any Match block), since sshd does not accept it inside a Match block. Note the trade-off: LoginGraceTime 0 removes the pre-authentication timeout, so unauthenticated connections can stay open indefinitely and an attacker can fill the MaxStartups connection slots, denying SSH access to legitimate users. Treat it as a stopgap until patched OpenSSH packages are installed.
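
The script below is an added example of that procedure, not ScyllaDB's own tooling. It assumes a POSIX shell with awk and grep, a config path passed as its first argument, and a systemd service named sshd or ssh (the name differs between distributions); the validation and reload steps are skipped when those tools are absent.

```shell
#!/bin/sh
# Added example (not ScyllaDB's code): apply "LoginGraceTime 0" to an
# sshd_config idempotently, confirm it, validate it and reload sshd.
# Assumptions: POSIX sh, awk, grep; config path in $1; systemd unit
# named "sshd" or "ssh". None of these names come from the advisory.
set -eu

# Rewrite CONFIG so that exactly one active "LoginGraceTime 0" directive
# exists and sits before the first Match block (the keyword is not
# permitted inside Match, and anything after Match is not global).
# Every existing LoginGraceTime line, active or commented out, is removed.
apply_login_grace_mitigation() {
    config=$1
    tmp=$(mktemp)
    awk '
        # drop every existing LoginGraceTime line, active or commented out
        tolower($1) ~ /^#?logingracetime$/ { next }
        # emit the mitigation immediately before the first Match block
        !done && tolower($1) == "match" { print "LoginGraceTime 0"; done = 1 }
        { print }
        # no Match block at all: append at end of file
        END { if (!done) print "LoginGraceTime 0" }
    ' "$config" > "$tmp"
    cat "$tmp" > "$config"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Succeed only if CONFIG contains exactly one active LoginGraceTime
# directive and its value is 0; "|| true" keeps set -e from aborting
# on grep's non-zero status when nothing matches.
mitigation_applied() {
    zero=$(grep -Eic '^[[:space:]]*logingracetime[[:space:]]+0([[:space:]]|$)' "$1" || true)
    any=$(grep -Eic '^[[:space:]]*logingracetime[[:space:]]' "$1" || true)
    [ "$zero" -eq 1 ] && [ "$any" -eq 1 ]
}

# Ask sshd itself to parse the file before reloading: a syntax error
# would otherwise leave the daemon unable to restart and lock you out.
# "sshd -T" prints the effective value as the daemon sees it.
validate_and_reload() {
    config=$1
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$config"
        sshd -T -f "$config" | grep -i '^logingracetime '
    fi
    if [ "$config" = /etc/ssh/sshd_config ] && command -v systemctl >/dev/null 2>&1; then
        systemctl reload sshd 2>/dev/null || systemctl reload ssh
    fi
}

# Usage: sh mitigate_cve_2024_6387.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    apply_login_grace_mitigation "$1"
    mitigation_applied "$1"
    validate_and_reload "$1"
fi
```

Run it as root against the real path to apply the change; run it against a copy first if you want to inspect the result. The awk pass is what makes it safe to re-run: a second execution removes the directive it added and writes it again in the same place, so repeated runs from configuration management never accumulate duplicate lines.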

Actions Taken by ScyllaDB

  • We have updated all Scylla Cloud servers, including both database and backend systems, with the aforementioned configuration change.
  • We have built new versions of Scylla images with newer OpenSSH packages for both open-source and Enterprise editions, to be released ASAP.

ScyllaDB Cloud Users:

  • No action is required on your part. The mitigation has been applied automatically.

ScyllaDB Enterprise and Open Source Users:

  • Apply the mitigation described above to your sshd configuration and reload sshd so it takes effect.
  • Plan to upgrade to the latest patch release when it becomes available.

Please address this issue promptly to ensure your systems remain secure. If you have any questions or need further assistance, please contact our support team.