Securing Against Latest CVEs
Overview
This article outlines critical security vulnerabilities that may affect StorageLink and provides mitigation steps for each.
CVE-2024-6387 — OpenSSH Remote Code Execution
A race condition in the OpenSSH server's signal handling that could allow remote code execution.
Resolution: SSH into your instance and run:
sudo apt update && sudo apt upgrade openssh-server -y
CVE-2023-48795 — Terrapin Attack
An SSH protocol flaw enabling encryption downgrade attacks.
Resolution: Disable the following algorithms in StorageLink's Security Settings:
chacha20-poly1305@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
Navigate to the admin UI → Security Settings, uncheck each of the algorithms listed above, and save.
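To confirm the change took effect, the following added example (not StorageLink code) parses the algorithm lists a server advertises in its SSH_MSG_KEXINIT packet and reports any of the algorithms listed above that are still offered. It assumes the SSH service listens on port 22; the function names, client banner and sample packet are constructed for illustration.

```python
import socket
import struct

# Algorithms the article says to disable for CVE-2023-48795.
LISTED = {"chacha20-poly1305@openssh.com", "hmac-sha2-256-etm@openssh.com",
          "hmac-sha2-512-etm@openssh.com", "hmac-md5-etm@openssh.com"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload: message byte 20, 16-byte cookie, ten name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        (size,) = struct.unpack_from(">I", payload, pos)  # struct.error if truncated
        text = payload[pos + 4:pos + 4 + size].decode("ascii")
        if len(text) != size:
            raise ValueError("truncated name-list")
        lists[field] = text.split(",") if text else []
        pos += 4 + size
    return lists

def still_offered(lists: dict) -> dict:
    """Map each cipher/MAC field to the listed algorithms the server still offers."""
    hits = {f: [a for a in lists[f] if a in LISTED]
            for f in ("enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c")}
    return {f: algs for f, algs in hits.items() if algs}

def fetch_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the server's first packet (its KEXINIT); no authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"SSH-2.0-algcheck\r\n")  # hypothetical client banner
        stream = sock.makefile("rb")
        while not (line := stream.readline()).startswith(b"SSH-"):
            if not line:  # connection closed before any banner arrived
                raise ConnectionError("no SSH banner received")
        length, padding = struct.unpack(">IB", stream.read(5))
        return stream.read(length - 1)[:length - 1 - padding]

def name_list(*names: str) -> bytes:  # helper used only to build the sample below
    data = ",".join(names).encode()
    return struct.pack(">I", len(data)) + data

# Constructed sample: a server still offering one cipher and one MAC from the list.
SAMPLE = (b"\x14" + bytes(16) + name_list("curve25519-sha256") + name_list("ssh-ed25519")
          + name_list("aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com") * 2
          + name_list("hmac-sha2-256", "hmac-sha2-512-etm@openssh.com") * 2
          + name_list("none") * 2 + name_list() * 2 + b"\x00" + bytes(4))
```

Calling still_offered(parse_kexinit(fetch_kexinit(host))) against your own instance returns an empty dictionary once none of the listed algorithms is advertised.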
Kernel Vulnerabilities
Multiple kernel CVEs require patching at the OS level.
Resolution: SSH into your instance and run:
sudo apt update && sudo apt upgrade linux-generic -y
Then reboot the instance to apply the kernel update.
StorageLink is designed to be secure by default. These configuration changes address emerging threats that appear after the initial release of a given version.
