CRITICAL - Fix for UNIX LSAM SSH Key Vulnerability
What Does This Do?
It is looking at the authorized SSH keys and looking for the vulnerability
If it finds the vulnerability in the authorized keys, then it will remove the vulnerability.
If it doesn't find the vulnerability, it will display that it didn't find the vulnerability
It also cleans up vulnerable keys that are stored in the LSAM directories
It does the following
Checks to see if the vulnerable public key is installed in authorized_keys file.
a. If it is found, the script will print, "Vulnerability found in SSH public keys file. Removing it..."
b. Then, removes the key and updates the file and will print "Removed vulnerability in SSH public keys file."
If the vulnerability is not found, it will print, "No vulnerability found in SSH public keys file"
The script will also remove
a. The vulnerable public and private keys from
~root/.sshfolder.b. The vulnerable public and private keys from
/usr/local/lsam/binfolder.c. The last step is not essential to resolve the security issue but is a better clean up.
To Execute
Download from "https://smatechnologies.hosted-by-files.com/SMAUnixLSAMVulnerabilityFix/" via Windows or Unix (the script is also attached to this article)
Transfer sma_ssh_fix to each target system via FTP using ASCII to directory "
/usr/local/"Login as Root user
Switch to Super User
a.
sudo suGo to directory
a.
cd /usr/localRun command to give execute permissions
a.
chmod u+x sma_ssh_fixRun command to execute the program
a.
./sma_ssh_fix