CVE-2024-6387 PoC — OpenSSH 安全漏洞

Source

https://github.com/alex14324/ssh_poc2024

Associated Vulnerability

Title:OpenSSH 安全漏洞 (CVE-2024-6387)
Description:OpenSSH（OpenBSD Secure Shell）是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞，该漏洞源于信号处理程序中存在竞争条件，攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。

Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server

Readme

# cve-2024-6387-poc
> a signal handler race condition in OpenSSH's server (sshd)

- 7etsuo

## Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.

## Exploit Details

### Vulnerability Summary

The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
- **Affected Versions**: OpenSSH 8.5p1 to 9.8p1.
- **Exploit**: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.

File Snapshot


 [4.0K]  /data/pocs/92f8ff3bd0a4dc4bbb5bf5ba4951efcb38c05348
├── [ 15K]  7etsuo-regreSSHion.c
├── [ 673]  README.md
└── [ 53K]  regresshion.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!