Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Source
https://github.com/P4x1s/CVE-2024-6387
Associated Vulnerability
Title:Openssh: regresshion - race condition in ssh allows rce/dos (CVE-2024-6387)
Description:A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Description
SSH RCE PoC CVE-2024-6387
Readme
# 漏洞描述

CVE-2024-6387 漏洞利用,针对sshd基于 glibc 的 Linux 系统上 OpenSSH 服务器 () 中的信号处理程序竞争条件。由于在SIGALRM处理程序中调用了 async-signal-unsafe 函数,该漏洞允许以 root 身份执行远程代码。

# 漏洞摘要

该漏洞针对的是SIGALRMOpenSSH 中的处理程序竞争条件sshd。

受影响的版本:OpenSSH 8.5p1至9.8p1。

漏洞:由于存在漏洞的SIGALRM处理程序调用异步信号不安全函数,因此可以以 root 身份执行远程代码。

# 资产测绘

```
protocol="ssh"
```

# 脚本编译

需要将代码编译成可执行文件。假设文件名为exploit.c,使用以下命令进行编译

```

gcc -o exploit exploit.c

./exploit <ip> <port>

例如:

./exploit 192.168.1.100 22

```
File Snapshot

 [4.0K]  /data/pocs/78cf8c549aaeb33edc7990819233f9460409f5de
├── [ 15K]  7etsuo-regreSSHion.c
├── [ 801]  README.md
└── [ 53K]  regresshion.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →