支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-6387 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Openssh: regresshion - race condition in ssh allows rce/dos
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
信号处理例程中的竞争条件
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
OpenSSH 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞,该漏洞源于信号处理程序中存在竞争条件,攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
Red HatRed Hat Enterprise Linux 9 0:8.7p1-38.el9_4.1 ~ * cpe:/a:redhat:enterprise_linux:9::appstream
Red HatRed Hat Enterprise Linux 9 0:8.7p1-38.el9_4.1 ~ * cpe:/a:redhat:enterprise_linux:9::appstream
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions 0:8.7p1-12.el9_0.1 ~ * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support 0:8.7p1-30.el9_2.4 ~ * cpe:/o:redhat:rhel_eus:9.2::baseos
Red HatRed Hat OpenShift Container Platform 4.13 413.92.202407091321-0 ~ * cpe:/a:redhat:openshift:4.13::el9
Red HatRed Hat OpenShift Container Platform 4.14 414.92.202407091253-0 ~ * cpe:/a:redhat:openshift:4.14::el8
Red HatRed Hat OpenShift Container Platform 4.15 415.92.202407091355-0 ~ * cpe:/a:redhat:openshift:4.15::el8
Red HatRed Hat OpenShift Container Platform 4.16 416.94.202407081958-0 ~ * cpe:/a:redhat:openshift:4.16::el9
Red HatRed Hat Ceph Storage 5-cpe:/a:redhat:ceph_storage:5
Red HatRed Hat Ceph Storage 6-cpe:/a:redhat:ceph_storage:6
Red HatRed Hat Ceph Storage 7-cpe:/a:redhat:ceph_storage:7
Red HatRed Hat Enterprise Linux 10-cpe:/o:redhat:enterprise_linux:10
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
二、漏洞 CVE-2024-6387 的公开POC
#POC 描述源链接神龙链接
1a signal handler race condition in OpenSSH's server (sshd)https://github.com/zgzhang/cve-2024-6387-pocPOC详情
2Nonehttps://github.com/acrono/cve-2024-6387-pocPOC详情
3Nonehttps://github.com/lflare/cve-2024-6387-pocPOC详情
4Spirit - Network Pentest Tools CVE-2024-6387https://github.com/theaog/spiritPOC详情
5Nonehttps://github.com/shyrwall/cve-2024-6387-pocPOC详情
6Nonehttps://github.com/getdrive/CVE-2024-6387-PoCPOC详情
7SSHd cve-2024-6387-pochttps://github.com/FerasAlrimali/CVE-2024-6387-POCPOC详情
8Nonehttps://github.com/passwa11/cve-2024-6387-pocPOC详情
9Nonehttps://github.com/jack0we/CVE-2024-6387POC详情
10CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSHhttps://github.com/xaitax/CVE-2024-6387_CheckPOC详情
11Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2006-5051 , CVE-2008-4109 and others.https://github.com/bigb0x/CVE-2024-6387POC详情
12CLI Tool to Check SSH Servers for Vulnerability to CVE-2024-6387https://github.com/wiggels/regresshion-checkPOC详情
13SSH RCE PoC CVE-2024-6387https://github.com/3yujw7njai/CVE-2024-6387POC详情
14OpenSSH CVE-2024-6387 Vulnerability Checkerhttps://github.com/betancour/OpenSSH-Vulnerability-testPOC详情
15Nonehttps://github.com/zgimszhd61/cve-2024-6387-pocPOC详情
16Nonehttps://github.com/yya1233/CVE-2024-6387-Updated-SSH-RCEPOC详情
17Nonehttps://github.com/muyuanlove/CVE-2024-6387fixshellPOC详情
18Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.https://github.com/TAM-K592/CVE-2024-6387POC详情
19This is a POC I wrote for CVE-2024-6387https://github.com/teamos-hub/regreSSHionPOC详情
20Nonehttps://github.com/Maikefee/CVE-2024-6387_Check.pyPOC详情
21Nonehttps://github.com/ahlfors/CVE-2024-6387POC详情
22Nonehttps://github.com/Mufti22/CVE-2024-6387-checkherPOC详情
23CVE-2024-6387 exploithttps://github.com/thegenetic/CVE-2024-6387-exploitPOC详情
24RCE OpenSSH CVE-2024-6387 Checkhttps://github.com/HadesNull123/CVE-2024-6387_CheckPOC详情
25This script, created by R4Tw1z, is designed to scan IP addresses to check if they are running a potentially vulnerable version of OpenSSH. The tool leverages multi-threading to optimize scanning performance and handle multiple IP addresses concurrently.https://github.com/R4Tw1z/CVE-2024-6387POC详情
26This Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH.https://github.com/d0rb/CVE-2024-6387POC详情
27Nonehttps://github.com/oliferFord/CVE-2024-6387-SSH-RCEPOC详情
28Used to detect ssh servers vulnerable to CVE-2024-6387. Shameless robbery from https://github.com/bigb0x/CVE-2024-6387 using ChatGPT to translate the code to PHP.https://github.com/CiderAndWhisky/regression-scannerPOC详情
29Script for checking CVE-2024-6387 (regreSSHion)https://github.com/shamo0/CVE-2024-6387_PoCPOC详情
30CVE-2024-6387-nmaphttps://github.com/paradessia/CVE-2024-6387-nmapPOC详情
31This Go program scans targets for CVE-2024-6387 in OpenSSH, categorizing servers by vulnerability status and port availability.https://github.com/SecWithMoh/CVE-2024-6387POC详情
32Private x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.inhttps://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bitPOC详情
33Nonehttps://github.com/k4t3pr0/CVE-2024-6387-POCPOC详情
34An Ansible Playbook to mitigate the risk of RCE (CVE-2024-6387) until platforms update OpenSSH to a non-vulnerable version.https://github.com/DanWiseProgramming/CVE-2024-6387-Mitigation-Ansible-PlaybookPOC详情
35openssh-cve-2024-6387.shhttps://github.com/rumochnaya/openssh-cve-2024-6387.shPOC详情
36Mitigation Guide for CVE-2024-6387 in OpenSSHhttps://github.com/zenzue/CVE-2024-6387-MitigationPOC详情
37Nonehttps://github.com/devarshishimpi/CVE-2024-6387-CheckPOC详情
38cve-2024-6387_AImadehttps://github.com/hssmo/cve-2024-6387_AImadePOC详情
39Nonehttps://github.com/ACHUX21/checker-CVE-2024-6387POC详情
40CVE-2024-6387 with auto ip scanner and auto expliot https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387POC详情
41A bash script for nmap to scan for vulnerable machines in regards to the latest CVE-2024-6387https://github.com/xristos8574/regreSSHion-nmap-scannerPOC详情
42CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.https://github.com/xonoxitron/regreSSHionPOC详情
43开箱即用的AK47https://github.com/no-one-sec/CVE-2024-6387POC详情
44Nonehttps://github.com/dawnl3ss/CVE-2024-6387POC详情
45Nonehttps://github.com/MrR0b0t19/CVE-2024-6387-Exploit-POCPOC详情
46CVE-2024-6387 : Vulnerability Detection tool for regreSSHion Remote Unauthenticated Code Execution in OpenSSH Serverhttps://github.com/th3gokul/CVE-2024-6387POC详情
47Test_CVE-2024-6387 is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSHhttps://github.com/n1cks0n/Test_CVE-2024-6387POC详情
48PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) https://github.com/l0n3m4n/CVE-2024-6387POC详情
49CVE-2024-6387-Check is a streamlined and efficient tool created to detect servers operating on vulnerable versions of OpenSSH.https://github.com/RickGeex/CVE-2024-6387-CheckerPOC详情
50Quickly identifies servers vulnerable to OpenSSH 'regreSSHion' (CVE-2024-6387).https://github.com/xonoxitron/regreSSHion-checkerPOC详情
51Nonehttps://github.com/BrandonLynch2402/cve-2024-6387-nuclei-templatePOC详情
52Nonehttps://github.com/edsonjt81/CVE-2024-6387_CheckPOC详情
53Nonehttps://github.com/EkaterinaMarchetti/CVE-2024-6387-regreSSHion-CheckerPOC详情
54regreSSHion vulnerability in OpenSSH CVE-2024-6387 Testing Scripthttps://github.com/grupooruss/CVE-2024-6387-TesterPOC详情
55Nonehttps://github.com/CognisysGroup/CVE-2024-6387-CheckerPOC详情
56Targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems.https://github.com/sxlmnwb/CVE-2024-6387POC详情
57SSH Exploit for CVE-2024-6387 : RCE in OpenSSH's server, on glibc-based Linux systemshttps://github.com/Symbolexe/CVE-2024-6387POC详情
58SentinelSSH is an advanced, high-performance SSH vulnerability scanner written in Go. It's specifically designed to detect the CVE-2024-6387 vulnerability in OpenSSH servers across various network environments.https://github.com/harshinsecurity/sentinelsshPOC详情
59Nonehttps://github.com/t3rry327/cve-2024-6387-pocPOC详情
60Nonehttps://github.com/jocker2410/CVE-2024-6387_pocPOC详情
61CVE-2024-6387_Check 是一款轻量级、高效的工具,旨在识别运行易受攻击的 OpenSSH 版本的服务器,专门针对最近发现的regreSSHion漏洞 (CVE-2024-6387)。此脚本有助于快速扫描多个 IP 地址、域名和 CIDR 网络范围,以检测潜在漏洞并确保您的基础设施安全。https://github.com/JackSparrowhk/ssh-CVE-2024-6387-pocPOC详情
62Welcome to the CVE-2024-6387 OpenSSH Vulnerability Checker repository! This project offers multiple scripts to check the installed version of OpenSSH on your system and determine if it is vulnerable to CVE-2024-6387. It supports various environments, including Ubuntu, Mac, and Windows.https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-CheckerPOC详情
63Nonehttps://github.com/sms2056/CVE-2024-6387POC详情
64Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-POC详情
65Nonehttps://github.com/lala-amber/CVE-2024-6387POC详情
66rewrited SSH Exploit for CVE-2024-6387 (regreSSHion)https://github.com/4lxprime/regreSSHivePOC详情
67A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.https://github.com/sardine-web/CVE-2024-6387_CheckPOC详情
68HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion).https://github.com/0x4D31/cve-2024-6387_hasshPOC详情
69CVE-2024-6387-Check es una herramienta ligera y eficiente diseñada para identificar servidores que ejecutan versiones vulnerables de OpenSSH, específicamente el fallo de seguridad conocido como regreSSHion (CVE-2024-6387). Este script facilita el análisis rápido de múltiples direcciones IP, nombres de dominio y rangos de red CIDR.https://github.com/Segurmatica/CVE-2024-6387-CHECKPOC详情
70Quick regreSSHion checker (based on software version) for nuclei CVE-2024-6387https://github.com/sardine-web/CVE-2024-6387-templatePOC详情
71Nonehttps://github.com/imv7/CVE-2024-6387POC详情
72CVE-2024-6387 SSH finderhttps://github.com/SiberianHacker/CVE-2024-6387-FinderPOC详情
73Correção e Atualização do OpenSSH para CVE-2024-6387https://github.com/dgicloud/patch_regreSSHionPOC详情
74Vulnerability remediation and mitigationCVE-2024-6387https://github.com/azurejoga/CVE-2024-6387-how-to-fixPOC详情
75regreSSHion vulnerability in OpenSSH CVE-2024-6387 Testing Scripthttps://github.com/grupooruss/CVE-2024-6387POC详情
76Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)https://github.com/asterictnl-lvdw/CVE-2024-6387POC详情
77Chef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387https://github.com/vkaushik-chef/regreSSHionPOC详情
78Nonehttps://github.com/dgourillon/mitigate-CVE-2024-6387POC详情
79Nonehttps://github.com/mrmtwoj/CVE-2024-6387POC详情
80This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.https://github.com/filipi86/CVE-2024-6387-Vulnerability-CheckerPOC详情
81This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerabilityhttps://github.com/kubota/CVE-2024-6387-Vulnerability-CheckerPOC详情
82Nonehttps://github.com/DimaMend/cve-2024-6387-pocPOC详情
83Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2024-6409, CVE-2006-5051, CVE-2008-4109, and 16 other CVEs.https://github.com/bigb0x/SSH-ScannerPOC详情
84CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.https://github.com/ThemeHackers/CVE-2024-6387POC详情
85 OpenSSH vulnerability CVE-2024-6387https://github.com/Sibijo/mitigate_sshPOC详情
86Fix for regreSSHion CVE-2024-6387 for Ubuntu and Debianhttps://github.com/Passyed/regreSSHion-FixPOC详情
87Lỗ hổng thực thi mã không được xác thực từ xa trong máy chủ OpenSSHhttps://github.com/k4t3pr0/CVE-2024-6387-CheckPOC详情
88Script to address CVE-2024-6387 by changing the LoginGraceTime in sshd.https://github.com/liqhtnd/sshd-logingracetime0POC详情
89 OpenSSH a publié un avis de sécurité concernant la vulnérabilité critique CVE-2024-6387. Cette vulnérabilité permet à un attaquant non authentifié d'exécuter du code arbitrairehttps://github.com/Jhonsonwannaa/CVE-2024-6387POC详情
90OpenSSH RCE Massive Vulnerable Scannerhttps://github.com/ThatNotEasy/CVE-2024-6387POC详情
91Nonehttps://github.com/W1hithat/CVE-2024-6387POC详情
92Nonehttps://github.com/prelearn-code/CVE-2024-6387POC详情
93proof of concept python script for regreSSHion exploithttps://github.com/l-urk/CVE-2024-6387POC详情
94An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server https://github.com/alex14324/ssh_poc2024POC详情
95Proof of concept python script for regreSSHion exploit. Version 0.1.0.https://github.com/l-urk/CVE-2024-6387-LPOC详情
96CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH. https://github.com/niktoproject/CVE-202406387_Check.pyPOC详情
97Nonehttps://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSHPOC详情
98A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems against potential remote code execution risks associated with affected OpenSSH versions.https://github.com/almogopp/OpenSSH-CVE-2024-6387-FixPOC详情
99This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-CheckerPOC详情
100In an era where digital security is crucial, a new vulnerability in OpenSSH, identified as CVE-2024-6387, has drawn the attention of system administrators and security professionals worldwide. Named "regreSSHion," this severe security flaw allows remote code execution (RCE) and could significant threat to the integrity of vulnerable systems.https://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387POC详情
101An Ansible Playbook to mitigate the risk of RCE (CVE-2024-6387) until platforms update OpenSSH to a non-vulnerable version.https://github.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-PlaybookPOC详情
102 OpenSSH a publié un avis de sécurité concernant la vulnérabilité critique CVE-2024-6387. Cette vulnérabilité permet à un attaquant non authentifié d'exécuter du code arbitrairehttps://github.com/dream434/CVE-2024-6387POC详情
103Nonehttps://github.com/skysaints/CVE-2024-6387-POCPOC详情
104Nonehttps://github.com/skyalliance/CVE-2024-6387-POCPOC详情
105Nonehttps://github.com/YassDEV221608/CVE-2024-6387POC详情
106Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)https://github.com/oxapavan/CVE-2024-6387POC详情
107Nonehttps://github.com/zql-gif/CVE-2024-6387POC详情
108test code for cve-2024-6387https://github.com/awusan125/test_for6387POC详情
109CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.https://github.com/anhvutuan/CVE-2024-6387-poc-1POC详情
110Nonehttps://github.com/YassDEV221608/CVE-2024-6387_PoCPOC详情
111Script to address CVE-2024-6387 by changing the LoginGraceTime in sshd.https://github.com/liqhtnd/sshd-logingracetimePOC详情
112This is an altered PoC for d0rb/CVE-2024-6387. This takes glibc addresses and trys to exploit the CVE through them.https://github.com/AzrDll/CVE-2024-6387POC详情
113Nonehttps://github.com/SkyGodling/CVE-2024-6387-POCPOC详情
114Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)https://github.com/Karmakstylez/CVE-2024-6387POC详情
115SSH RCE PoC CVE-2024-6387https://github.com/AiK1d/CVE-2024-6387POC详情
116 OpenSSH vulnerability CVE-2024-6387https://github.com/redux-sibi-jose/mitigate_sshPOC详情
117Nuclei template to detect CVE-2024-6387. All latest patched versions are excluded.https://github.com/xiw1ll/CVE-2024-6387_CheckerPOC详情
118CVE-2024-6387https://github.com/moften/regreSSHion-CVE-2024-6387POC详情
119SSH RCE PoC CVE-2024-6387https://github.com/P4x1s/CVE-2024-6387POC详情
120CVE-2024-6387 Exploit mit Reverse/Bind-Shell Support.https://github.com/OhDamnn/NoregresshPOC详情
121Relatório de Pentest Full-Scope (Black Box) focado em Red Team. Análise de segurança Web (SQL Injection, XSS), Wireless (WEP/WPA2), Evasão de Firewall (IP Fragmentation) e Exploração de RCE em OpenSSH (CVE-2024-6387).https://github.com/arielrbrdev/redteamlab1POC详情
122This is an altered PoC for d0rb/CVE-2024-6387. This takes glibc addresses and trys to exploit the CVE through them.https://github.com/kinu404/CVE-2024-6387POC详情
123Nonehttps://github.com/Ngagne-Demba-Dia/CVE-2024-6387-corrigeePOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2024-6387 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2024-6387 的评论

暂无评论

发表评论