CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Source

Associated Vulnerability

Description

CVE-2024-6387-nmap

Readme

# OpenSSH Vulnerability Checker Nmap Script

## Description

The `openssh-vuln-checker.nse` script checks if a server is running a vulnerable version of OpenSSH(CVE-2024-6387). It connects to the SSH port, retrieves the SSH banner, and compares it against a list of known vulnerable versions.

## Vulnerable Versions

The script checks for the following vulnerable versions of OpenSSH:
- SSH-2.0-OpenSSH_8.5p1
- SSH-2.0-OpenSSH_8.6p1
- SSH-2.0-OpenSSH_8.7p1
- SSH-2.0-OpenSSH_8.8p1
- SSH-2.0-OpenSSH_8.9p1
- SSH-2.0-OpenSSH_9.0p1
- SSH-2.0-OpenSSH_9.1p1
- SSH-2.0-OpenSSH_9.2p1
- SSH-2.0-OpenSSH_9.3p1
- SSH-2.0-OpenSSH_9.4p1
- SSH-2.0-OpenSSH_9.5p1
- SSH-2.0-OpenSSH_9.6p1
- SSH-2.0-OpenSSH_9.7p1

## Reference
- https://ubuntu.com/security/CVE-2024-6387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6387
## Usage
- nmap --script openssh-vuln-checker -p 22 <target>

## Output
- PORT   STATE SERVICE
- 22/tcp open  ssh
- | openssh-vuln-checker:
- |   Server at <IP> is running SSH-2.0-OpenSSH_<version> (vulnerable)
- |_  Server at <IP> is not vulnerable (running SSH-2.0-OpenSSH_<version>)

File Snapshot

 [4.0K]  /data/pocs/21d279afb0da6979ee5650db764fa08fef73ef72
├── [2.1K]  openssh-vuln-checker.nse
└── [1.1K]  README.md

0 directories, 2 files

Remarks