CVE-2016-8858 PoC — OpenSSH'ssh/kex.c'拒绝服务漏洞

Source

Associated Vulnerability

Title:OpenSSH'ssh/kex.c'拒绝服务漏洞 (CVE-2016-8858)
Description:OpenSSH（OpenBSD Secure Shell）是OpenBSD计划组所维护的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 6.x版本和7.x至7.3版本中的kex.c文件的‘kex_input_kexinit’函数存在拒绝服务漏洞。远程攻击者可通过发送许多复制的KEXINIT请求利用该漏洞造成拒绝服务。注意：第三方报告称不将OpenSSH upstream视为安全漏洞。

Description

Proof of concept for CVE-2016-8858

File Snapshot


 [4.0K]  /data/pocs/a377e492131cc64fef08475ccc0e44bdca1369f0
├── [ 135]  autogen.des
├── [  82]  autogen.sh
├── [ 965]  configure.ac
├── [  53]  HISTORY
├── [  21]  INSTALL
├── [1.4K]  LICENSE
├── [  93]  Makefile.am
├── [ 411]  README
└── [4.0K]  src
    ├── [ 11K]  kexkill.c
    └── [  53]  Makefile.am

1 directory, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!