
CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Source
Associated Vulnerability
Title: Openssh: regresshion - race condition in ssh allows rce/dos (CVE-2024-6387)
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Description
Vulnerability remediation and mitigation: CVE-2024-6387
Readme
# CVE-2024-6387-how-to-fix
Vulnerability remediation and mitigation: CVE-2024-6387

# CVE-2024-6387: Critical RCE Vulnerability in OpenSSH ('regreSSHion')
* [My LinkedIn article](https://www.linkedin.com/posts/juan-mathews-rebello-santos-_github-azurejogacve-2024-6387-how-to-fix-activity-7215108434994577410-C1Id?utm_source=share&utm_medium=member_desktop)

* [CVE Details](https://www.cvedetails.com/cve/CVE-2024-6387/)

## Description
Qualys Threat Research Unit (TRU) has detailed a severe security flaw named 'regreSSHion' that leaves millions of Linux systems vulnerable to remote code execution (RCE). Identified as CVE-2024-6387 and discovered in May 2024, this vulnerability affects the OpenSSH server (sshd) on glibc-based Linux systems, allowing unauthenticated attackers to gain root access and take full control of affected machines.

“This bug marks the first vulnerability in OpenSSH in almost two decades — an unauthenticated RCE that grants root access. It affects the default configuration and requires no user interaction, posing a significant risk of exploitation,” notes the Qualys research group.

Qualys has also published a more technical article that delves into the exploitation process and possible mitigation strategies.

## Affected Versions
The regreSSHion flaw affects OpenSSH servers on Linux from version 8.5p1 up to, but not including, 9.8p1. Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable to CVE-2024-6387 due to a patch for CVE-2006-5051, which secured a previously unsafe function. Versions prior to 4.4p1 are vulnerable to this regression unless patched for CVE-2006-5051 and CVE-2008-4109.

There is already a proof-of-concept (PoC) available for this vulnerability, and it is possible to search for vulnerable servers on the internet.

## Fixing the Vulnerability

CVE-2024-6387 affects earlier versions of OpenSSH and can be fixed by updating to the latest version. This tutorial will guide you through the process of downloading, compiling, and installing the latest version of OpenSSH, ensuring your installation is secure against this vulnerability.

### Step 1: Download and Prepare for Compilation

First, we will download the source of the latest OpenSSH release and prepare the system to compile it.

#### Install Compilation Dependencies

Run the following commands to update your system and install the necessary dependencies:
```sh
apt update
apt install build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev wget -y
```

#### Download the Latest Version of OpenSSH

Navigate to the `/usr/local/src` directory and download the latest OpenSSH package:
```sh
cd /usr/local/src
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1
```

### Step 2: Compile and Install

Now, we will compile and install OpenSSH:
```sh
./configure
make
make install
```

### Step 3: Verify the Updated Version

After installation, verify the version of the newly installed binary under `/usr/local/bin` to confirm the build and install succeeded:
```sh
/usr/local/bin/ssh -V
```

### Step 4: Update the PATH

Ensure the new OpenSSH is in the correct PATH.

Add `/usr/local/bin` to the PATH:
```sh
export PATH=/usr/local/bin:$PATH
```

Add this line to your profile file (`~/.bashrc` or `~/.profile`) to make it permanent:
```sh
echo 'export PATH=/usr/local/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
```

### Step 5: Check the SSH Service

Restart the SSH service to ensure it is using the new version. Be very careful not to disrupt your current SSH connection:
```sh
systemctl restart ssh
```
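A post-install check, added here as an example and not code from the original README or from the Qualys and Ubuntu material it cites. It does two things the steps above leave to the reader: it classifies an OpenSSH version string against the affected range from the Affected Versions section (8.5p1 up to, but not including, 9.8p1), and it inspects the `sshd` binary the systemd unit is actually running, because `make install` with the default prefix places the new daemon in `/usr/local/sbin` while a stock Debian/Ubuntu `ssh.service` keeps starting `/usr/sbin/sshd`, so `ssh -V` on the client says nothing about the server. The unit name `ssh`, the `--running` flag and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not code from the original README): classify an OpenSSH
# version string against the affected range given above, 8.5p1 <= v < 9.8p1,
# and check which sshd binary the service is really running after the rebuild.

# Reduce any string containing OpenSSH_<major>.<minor>[p<patch>] to one integer
# (major*1000000 + minor*1000 + patch) so versions compare with -ge / -lt.
# Accepts "OpenSSH_9.6p1", a server banner such as
# "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10", or the output of ssh -V / sshd -V.
# Returns 1 when the string carries no OpenSSH version.
openssh_version_key() {
    rest=${1#*OpenSSH_}
    [ "$rest" != "$1" ] || return 1          # no "OpenSSH_" marker present
    major=${rest%%.*}
    rest=${rest#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    after=${rest#"$minor"}
    case $after in
        p[0-9]*) patch=${after#p}; patch=${patch%%[!0-9]*} ;;
        *)       patch=1 ;;                  # bare X.Y (OpenBSD-native) == first portable release X.Yp1
    esac
    echo $(( major * 1000000 + minor * 1000 + patch ))
}

# Map a version string to the categories of the Affected Versions section.
# The boundaries are the keys of 4.4p1, 8.5p1 and 9.8p1.
regresshion_status() {
    key=$(openssh_version_key "$1") || { echo unknown; return 0; }
    if   [ "$key" -ge 9008001 ]; then echo fixed                          # 9.8p1 and later
    elif [ "$key" -ge 8005001 ]; then echo vulnerable                     # 8.5p1 .. 9.7p1
    elif [ "$key" -ge 4004001 ]; then echo not-affected                   # 4.4p1 .. 8.4p1: CVE-2006-5051 fix present
    else                              echo pre-4.4p1-check-CVE-2006-5051  # affected unless CVE-2006-5051/CVE-2008-4109 backported
    fi
}

# Inspect the daemon systemd actually started.  With the default prefix,
# `make install` puts the new sshd in /usr/local/sbin, but a stock Debian/Ubuntu
# ssh.service keeps starting /usr/sbin/sshd, so `ssh -V` on the client proves
# nothing about the server.  Needs root to resolve /proc/<pid>/exe.
check_running_sshd() {
    unit=${1:-ssh}                                    # "sshd" on RHEL-family systems
    pid=$(systemctl show -p MainPID --value "$unit" 2>/dev/null)
    if [ -z "$pid" ] || [ "$pid" = 0 ]; then
        echo "$unit: not running"; return 1
    fi
    exe=$(readlink "/proc/$pid/exe") || { echo "$unit: cannot read /proc/$pid/exe"; return 1; }
    # New builds honour -V; older ones reject the flag but still print the
    # version in their usage text on stderr, so capture both streams.
    ver=$("$exe" -V 2>&1 | grep -o 'OpenSSH_[0-9][0-9.p]*' | head -n 1)
    echo "$unit runs $exe ($ver): $(regresshion_status "$ver")"
}

# Usage: sh check-regresshion.sh --running [unit]   (run as root after Step 5)
if [ "${1:-}" = "--running" ]; then
    check_running_sshd "${2:-ssh}"
fi
```

Run it as root after Step 5 with `sh check-regresshion.sh --running`; if it reports `/usr/sbin/sshd` as the running binary, the unit is still starting the distribution's daemon rather than the one built above. The version string is only a screen: distribution packages that backport the fix (the Ubuntu update referenced above) keep their original upstream version in the banner, so for vendor-packaged OpenSSH the package changelog or security notice is authoritative, not this classification.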

## Conclusion

By following these steps, you have secured your OpenSSH installation against the critical CVE-2024-6387 vulnerability. Stay vigilant and ensure your systems are always up-to-date with the latest security patches.

## Credits and Sources

1. [Patch Tutorial](https://dolutech.com/tutorial-de-correcao-da-cve-2024-6387-no-openssh/)
2. [Qualys](https://www.qualys.com/regresshion-cve-2024-6387/)
3. [Ubuntu Blog](https://ubuntu.com/blog/ubuntu-regresshion-security-fix)
