Users Gain Unrestricted File Access After Upgrading OpenSSH from 9.6 to 9.8p1 Due to CVE-2024-6387

[salah-prog]

Description:

After upgrading OpenSSH from version 9.6 to 9.8p1 to address CVE-2024-6387, I encountered a critical security issue where users are now able to access all files on the server, regardless of their permission levels. This unrestricted access poses a significant security risk.

Steps to Reproduce:

1. Upgrade OpenSSH using the following commands:
   sh
   Copier le code
   cd /home/package/openssh-9.8p1
   apk add zlib-dev build-base openssl-dev --force-broken-world
   ./configure
   make install
   rm /usr/sbin/sshd
   mv /usr/local/sbin/sshd /usr/sbin/sshd

2. Have a regular user log in via SSH.

3. Attempt to access files outside the user's home directory.

Expected Behavior:

Users should only have access to files and directories for which they have explicit permissions, typically limited to their own home directories and other authorized areas.
Actual Behavior:

Users can access and read all files on the server, including those that should be restricted or require elevated privileges.
Environment:

OpenSSH Version: 9.8p1
Operating System: Alpine Linux
Method of Installation: Compiled from source as shown in the steps above
Additional Information:

The issue seems to have arisen immediately after replacing the sshd binary with the newly compiled version.
No changes were made to the SSH configuration files (sshd_config) during the upgrade process.
The --force-broken-world flag was used with apk add, which might have caused dependency issues.

Request for Assistance:

Configuration Review: Guidance on whether specific configuration files need to be updated or restored to default settings after such an upgrade.
Upgrade Procedure: Recommendations on the proper method to upgrade OpenSSH on Alpine Linux to avoid such issues in the future.

Impact:
This issue exposes sensitive data and could lead to unauthorized data access or system compromise.