#NAbox 4.0.3 is available

muted wasp
#
  • fix: improve pre and post migration data continuity in dashboards
  • base os upgrade (Flatcar Container Linux 3815.2.5)

https://nabox.org/downloads/

wintry fjord
#

Does this fix the OpenSSH vulnerability?

muted wasp
#

Probably does, yes. Which CVE are you referring to?

wintry fjord
#

Yep, it is. I ran a Python check script against my instance and it's showing vulnerable.

pstejska@pstejska-pc:~$ python3 cve.py 10.216.33.135


                                      _________ _________ ___ ___ .__
_______   ____   ___________   ____  /   _____//   _____//   |   \|__| ____   ____
\_  __ \_/ __ \ / ___\_  __ \_/ __ \ \_____  \ \_____  \/    ~    \  |/  _ \ /    \
 |  | \/\  ___// /_/  >  | \/\  ___/ /        \/        \    Y    /  (  <_> )   |  \
 |__|    \___  >___  /|__|    \___  >_______  /_______  /\___|_  /|__|\____/|___|  /
             \/_____/             \/        \/        \/       \/                \/
    CVE-2024-6387 Vulnerability Checker
    v0.5 / Alex Hagenah / @xaitax / ah@primepage.de


Progress: 1/1 hosts scanned

🛡️ Servers not vulnerable: 0


🚨 Servers likely vulnerable: 1

   [+] Server at 10.216.33.135 (running SSH-2.0-OpenSSH_9.7)

⚠️ Servers with unknown SSH version: 0


🔒 Servers with port 22 closed: 0

📊 Total scanned targets: 1

pstejska@pstejska-pc:~$
#

Ah sure enough...

#

pstejska@pstejska-pc:~$ ssh admin@10.216.33.135
Warning: Permanently added '10.216.33.135' (ED25519) to the list of known hosts.
(admin@10.216.33.135) Password:
Last login: Thu Jul 4 10:15:06 UTC 2024 from 10.249.70.78 on pts/0
Flatcar Container Linux by Kinvolk stable 3815.2.5 for VMware

Welcome to NAbox !

Changes since Stable 3815.2.4
Security fixes:

openssh (CVE-2024-6387)

muted wasp
#

So they say it's fixed and it isn't? It might be a patch on vulnerable 9.7

wintry fjord
#

It says the update is openssh 9.7p1.

#

I'm doing something else but I guess the version doesn't update the build reported by OpenSSH, but it has the fix.

muted wasp
#

admin@localhost ~ $ ssh -V
OpenSSH_9.7p1, OpenSSL 3.0.9 30 May 2023

hazy eagle
#

Missing the "dashboard to default" and "reboot" button in update section 🥹

muted wasp
#

lol. Ok ok…

muted wasp
#

Regarding reboot, ok I guess I can add it back.

hazy eagle
#

@muted wasp thx 👌🏻😁