Security bulletins
From time to time, we might release security bulletins related to
Bare Metal Solution. All security bulletins for Bare Metal Solution are
described here.
A vulnerability, CVE-2024-6387, was discovered in the OpenSSH server (sshd).
It is remotely exploitable on glibc-based Linux systems and allows
unauthenticated remote code execution as root, because it affects
sshd's privileged code, which is not sandboxed and runs with full
privileges.
At the time of publication, exploitation is believed to be difficult: it requires
winning a race condition, which is hard to exploit successfully and may
take several hours per machine being attacked.
Bare Metal Solution impact
Based on our investigations, we are not aware of any exploitation attempts on existing Google-managed Bare Metal Solution infrastructure.
What should I do?
We recommend updating to the safe OpenSSH version 9.8p1 once it is released, or applying sshd patches once provided by OS vendors.
We also recommend disabling or removing the vulnerable OpenSSH server wherever it is not required.
Set up firewall rules to restrict access to SSH servers to trusted network endpoints.
Monitor for any unusual network activity involving SSH servers.
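One way to act on the monitoring recommendation, shown as an added example that is not part of the original bulletin: it counts, per source address, sshd connections that timed out before authenticating within a sliding time window. Treating that pattern as the signal, the function name, the threshold and window values, and the classic syslog line layout are assumptions of this example, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd logs this message when a client connects but never authenticates
# before the login grace period expires (classic syslog layout assumed).
TIMEOUT_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"fatal: Timeout before authentication for (\S+) port \d+"
)

def preauth_timeout_bursts(lines, threshold=10,
                           window=timedelta(minutes=15), year=2024):
    """Return {source_ip: peak_count} for sources whose pre-auth timeouts
    reach `threshold` within any sliding `window` (values are assumptions)."""
    seen = defaultdict(list)
    for line in lines:
        m = TIMEOUT_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(ts)
    flagged = {}
    for ip, times in seen.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # Advance the window start until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    f"Jul  1 10:{m:02d}:30 bms-host sshd[{2100 + m}]: fatal: Timeout before "
    f"authentication for 203.0.113.7 port {40000 + m}"
    for m in range(12)
] + [
    "Jul  1 10:03:10 bms-host sshd[3001]: Accepted publickey for admin "
    "from 198.51.100.20 port 50022 ssh2",
    "Jul  1 10:05:00 bms-host sshd[3002]: fatal: Timeout before "
    "authentication for 198.51.100.20 port 50030",
    "Jul  1 13:00:00 bms-host sshd[3003]: fatal: Timeout before "
    "authentication for 198.51.100.20 port 50031",
]

if __name__ == "__main__":
    for ip, count in preauth_timeout_bursts(SAMPLE).items():
        print(f"{ip}: {count} unauthenticated timeouts within 15 minutes")
```

A flagged source is a prompt for review against the firewall allowlist, not proof of an exploitation attempt; tune the threshold and window to the host's normal SSH traffic.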
Last updated 2025-03-05 UTC.