Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-51767 Part of: QUA-00038915 (collection), QUA-00038919 (this CVE)

Remediation Steps

This is not an OpenSSH bug in itself and cannot be fixed in software. However, it should be verified that mitigating measures such as ASLR are active, as recommended by OpenSSH developer Damien Miller.

You can use the following script, which uses systemd to retrieve the SSH daemon's PID, reads its personality from procfs, and then checks whether the ADDR_NO_RANDOMIZE flag is set:

	#! /bin/sh

	# Cf. <https://man7.org/linux/man-pages/man5/proc.5.html>
	# On Debian-based systems the unit is named "ssh" rather than "sshd".
	pid=$(systemctl show --value --property MainPID sshd)
	if [ -z "$pid" ] || [ "$pid" -eq 0 ]; then
	  printf 'Error: sshd is not running under systemd (MainPID=%s)\n' "$pid" >&2
	  exit 2
	fi
	# /proc/<pid>/personality prints the value as hex digits without a "0x"
	# prefix, so the prefix is added before the arithmetic test below.
	personality=$(sudo cat "/proc/$pid/personality")

	# Cf. <https://man7.org/linux/man-pages/man2/personality.2.html> and
	#     <https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/personality.h#L13>
	# ADDR_NO_RANDOMIZE = 0x0040000
	if [ $((0x$personality & 0x0040000)) -ne 0 ]; then
	  printf 'Warning: ASLR disabled for sshd!\n' >&2
	  exit 1
	else
	  printf 'Ok: ASLR enabled for sshd!\n' >&2
	  exit 0
	fi

This flag should be unset by default on any modern system. If the flag is found to be set, ASLR is disabled for the daemon and the OpenSSH server is vulnerable.
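The script above checks only the process that systemd reports as MainPID. Since OpenSSH forks a child per connection, and since per-process ASLR also depends on the system-wide kernel.randomize_va_space setting, the following added example (not part of the original advisory; function names, the --audit option and the fake procfs layout used for testing are assumptions) generalizes the check: it walks a procfs tree for every process named sshd, tests each personality value for ADDR_NO_RANDOMIZE, and verifies that kernel.randomize_va_space is 2. The flag value is taken from the personality.h header linked above.

```shell
#!/bin/sh
# Added example: audit ASLR for all sshd processes plus the system-wide
# setting. Assumes a Linux procfs as described in proc(5). Hypothetical
# helper names; not code from the advisory or from OpenSSH.

ADDR_NO_RANDOMIZE=0x0040000   # include/uapi/linux/personality.h

# personality_has_no_randomize HEXVALUE
# /proc/<pid>/personality prints 8 hex digits without a "0x" prefix, so the
# prefix is added before the arithmetic test. Returns 0 (true) when the
# ADDR_NO_RANDOMIZE bit is set, i.e. ASLR is disabled for that process.
personality_has_no_randomize() {
    hex=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$hex" in
        0x*|0X*) ;;
        *) hex="0x$hex" ;;
    esac
    [ $((hex & ADDR_NO_RANDOMIZE)) -ne 0 ]
}

# randomize_va_space_is_full VALUE
# kernel.randomize_va_space: 0 = off, 1 = stack/mmap/vdso only, 2 = also brk.
# Only 2 is full ASLR.
randomize_va_space_is_full() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "2" ]
}

# check_sshd_processes PROC_ROOT
# Walks PROC_ROOT/<pid>/comm for processes named sshd (the listener and the
# per-session children) and reports each one whose personality has
# ADDR_NO_RANDOMIZE set. Returns 1 if any was found, 0 otherwise.
# Reading another user's /proc/<pid>/personality requires root.
check_sshd_processes() {
    root=${1:-/proc}
    bad=0
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm")" = "sshd" ] || continue
        personality=$(cat "$dir/personality" 2>/dev/null) || continue
        if personality_has_no_randomize "$personality"; then
            printf 'Warning: ASLR disabled for sshd PID %s (personality %s)\n' \
                "${dir##*/}" "$personality" >&2
            bad=1
        fi
    done
    return "$bad"
}

# audit_live_system: combine the system-wide and per-process checks.
audit_live_system() {
    status=0
    sysval=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo unknown)
    if randomize_va_space_is_full "$sysval"; then
        printf 'Ok: kernel.randomize_va_space = 2\n'
    else
        printf 'Warning: kernel.randomize_va_space = %s (expected 2)\n' "$sysval" >&2
        status=1
    fi
    check_sshd_processes /proc || status=1
    return "$status"
}

# Usage: sudo sh check_sshd_aslr.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_live_system
    exit $?
fi
```

Run it as root with --audit; a non-zero exit status means at least one sshd process or the kernel setting has ASLR weakened. Passing a directory other than /proc to check_sshd_processes lets the per-process logic be exercised against a constructed procfs tree, which is how the helper can be tested without a live sshd.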

If that setting cannot be changed, at least complementary measures such as port knocking (knockd), fail2ban or restrictive firewalling should be implemented.