Security bulletins
From time to time, we might release security bulletins related to
Bare Metal Solution. All security bulletins for Bare Metal Solution are
described here.
A vulnerability, CVE-2024-6387, was discovered in the OpenSSH server (sshd).
It is remotely exploitable on glibc-based Linux systems and allows
unauthenticated remote code execution as root, because it affects
sshd's privileged code, which is not sandboxed and runs with full
privileges.
At the time of publication, exploitation is believed to be difficult: it requires
winning a race condition, which is hard to exploit successfully and may
take several hours per machine being attacked.
Bare Metal Solution impact
Based on our investigations, we are not aware of any exploitation attempts on existing Google-managed Bare Metal Solution infrastructure.
What should I do?
We recommend updating to the safe OpenSSH version 9.8p1 once it is released, or applying sshd patches once provided by OS vendors.
We also recommend disabling or removing the vulnerable OpenSSH server wherever it is not required.
Set up firewall rules to restrict access to SSH servers to trusted network endpoints.
Monitor for any unusual network activity involving SSH servers.
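One way to act on the monitoring recommendation above, as an added example that is not part of the original bulletin or of any Google tooling: a log check that flags sources with many sshd pre-authentication timeouts spread over several hours. It assumes, beyond what the bulletin states, that repeated attempts to win the race appear as "Timeout before authentication" entries in classic syslog format; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: classic syslog lines ("Jul  1 03:12:45 host sshd[pid]: ...").
# sshd writes "Timeout before authentication" when a client reaches
# LoginGraceTime without authenticating; older releases prefix "fatal: ".
LINE_RE = re.compile(
    r"^(?P<hour>[A-Z][a-z]{2}\s+\d{1,2} \d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"(?:fatal: )?Timeout before authentication for (?P<src>\S+) port \d+"
)

def suspicious_sources(lines, min_timeouts=20, min_hours=2):
    """Return {source: (timeouts, distinct_hours)} for sources whose
    pre-authentication timeouts are both numerous and spread over time."""
    counts = defaultdict(int)
    hours = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src = m.group("src")
        counts[src] += 1
        hours[src].add(m.group("hour"))
    return {
        src: (n, len(hours[src]))
        for src, n in counts.items()
        if n >= min_timeouts and len(hours[src]) >= min_hours
    }

def build_sample_log():
    """Constructed sample input using documentation-range addresses."""
    log = []
    for i in range(30):  # sustained timeouts across three hours
        log.append(
            f"Jul  1 {3 + i // 10:02d}:{i % 10:02d}:07 bms-host sshd[{2000 + i}]: "
            f"fatal: Timeout before authentication for 203.0.113.7 port {40000 + i}"
        )
    # A single slow client and ordinary traffic must not be flagged.
    log.append("Jul  1 03:30:00 bms-host sshd[3000]: "
               "Timeout before authentication for 198.51.100.23 port 51000")
    log.append("Jul  1 03:31:00 bms-host sshd[3001]: "
               "Accepted publickey for admin from 192.0.2.10 port 52000 ssh2")
    return log

if __name__ == "__main__":
    for src, (n, h) in suspicious_sources(build_sample_log()).items():
        print(f"{src}: {n} pre-auth timeouts across {h} hour(s)")
```

Tune the thresholds to the host's normal traffic, and adjust the timestamp pattern if your logs use ISO 8601 or journald output.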
Last updated 2024-12-19 UTC.