
CVE-2024-6387 PoC: OpenSSH regreSSHion, race condition in sshd allows RCE/DoS

Associated vulnerability

Title: OpenSSH regreSSHion: race condition in sshd allows RCE/DoS (CVE-2024-6387)

Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Repository description: Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387.

Readme
# CVE-2024-6387 Checker

This README provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387. The script inspects the installed `sshd` binaries on your system, determines their versions, and checks for vulnerability status based on the detected version.

## Requirements

- Unix-like operating system (Linux, macOS, etc.)
- `awk`, `grep`, `sed`, `strings`, `cut`, and `uniq` utilities available in your shell environment

## Script Overview

The script performs the following steps:

1. Identifies all instances of `sshd` using the `type -a sshd` command.
2. Extracts the version string from each `sshd` binary.
3. Parses the version string to determine the major and minor version numbers.
4. Checks the parsed version against known vulnerable and non-vulnerable versions of OpenSSH.
5. Outputs the version and vulnerability status for each `sshd` binary.

Because the check is purely version-based, it cannot see whether a distribution has backported the fix into a package that still reports an older version string. Treat a `YES` result on a vendor-packaged `sshd` as something to confirm against the vendor's advisory rather than as a final verdict.

## Usage

1. Copy the script into a file, e.g., `check_cve_2024_6387.sh`.
2. Give the script execute permissions:

    ```sh
    chmod +x check_cve_2024_6387.sh
    ```

3. Run the script (as root, or with `/usr/sbin` on your `PATH`, since `type -a sshd` only finds binaries in directories listed in `PATH`):

    ```sh
    ./check_cve_2024_6387.sh
    ```

```sh
#!/bin/bash

# Walk every sshd binary that `type -a` can find. `type` only searches PATH, so
# run this as root or with /usr/sbin on your PATH to cover the usual install
# location.
for each_entry in $(type -a sshd | awk '{print $NF}' | uniq); do
  # Pull the embedded "OpenSSH_X.YpZ" version string out of the binary. Keep
  # only the first match so a binary carrying several copies does not yield a
  # multi-line value that breaks the numeric comparisons below.
  version_string=$(strings "$each_entry" | grep -o "OpenSSH_[0-9]\+\.[0-9]\+p[0-9]\+" | uniq | head -n 1)
  if [ -n "$version_string" ]; then
    version=$(echo "$version_string" | sed -E 's/OpenSSH_([0-9]+\.[0-9]+)p[0-9]+/\1/')
    major_version=$(echo "$version" | cut -d '.' -f 1)
    minor_version=$(echo "$version" | cut -d '.' -f 2)

    # Affected ranges: before 4.4p1 (unless the older signal-handler fixes were
    # applied) and 8.5p1 through 9.7p1. 4.4p1 through 8.4p1 are not affected,
    # and 9.8p1 fixes the issue.
    if [ "$major_version" -lt 4 ] || ([ "$major_version" -eq 4 ] && [ "$minor_version" -lt 4 ]); then
      status="YES (Unless patched for CVE-2006-5051 and CVE-2008-4109)"
    elif ([ "$major_version" -eq 4 ] && [ "$minor_version" -ge 4 ]) || ([ "$major_version" -ge 5 ] && [ "$major_version" -lt 8 ]) || ([ "$major_version" -eq 8 ] && [ "$minor_version" -lt 5 ]); then
      status="NO"
    elif ([ "$major_version" -eq 8 ] && [ "$minor_version" -ge 5 ]) || ([ "$major_version" -eq 9 ] && [ "$minor_version" -le 7 ]); then
      status="YES"
    elif [ "$major_version" -ge 10 ] || ([ "$major_version" -eq 9 ] && [ "$minor_version" -ge 8 ]); then
      status="NO (fixed in 9.8p1)"
    else
      status="Unknown"
    fi

    echo "Found OpenSSH version: $version in $each_entry"
    echo "Vulnerability Status: $status"
    if [ "$status" == "YES" ]; then
      echo "Patch Immediately to OpenSSH 9.8/9.8p1"
    fi
  else
    echo "No match found for $each_entry"
  fi
done
```

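As an added example that is not part of the mirrored repository's script, the following shell function applies the same version ranges to any OpenSSH version string, whether it came from `strings`, `ssh -V` or a server banner, and flags vendor-suffixed builds, where the version number alone cannot tell you whether the fix was backported. The function name `openssh_status` and the sample inputs are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of the mirrored PoC): classify one OpenSSH version
# string against the CVE-2024-6387 affected ranges. The input may be a line
# from `strings sshd`, the output of `ssh -V`, or a server banner such as
# "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13". Vendor builds are flagged because
# distributions often backport the fix without changing the version number.

# Prints YES, NO or UNKNOWN, with a qualifier where one applies.
openssh_status() {
  input="$1"
  ver=$(printf '%s\n' "$input" | grep -oE 'OpenSSH_[0-9]+\.[0-9]+' | head -n 1)
  if [ -z "$ver" ]; then
    echo "UNKNOWN (no OpenSSH version string found)"
    return 0
  fi
  major=${ver#OpenSSH_}   # "9.6"
  minor=${major#*.}       # "6"
  major=${major%%.*}      # "9"
  # A token right after "pN" (e.g. "Ubuntu-3ubuntu13") marks a distro build;
  # upstream output has a comma there instead, so it yields nothing.
  vendor=$(printf '%s\n' "$input" | sed -nE 's/.*OpenSSH_[0-9.]+p[0-9]+ ([A-Za-z][^ ,]*).*/\1/p')

  if [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 4 ]; }; then
    echo "YES (unless patched for CVE-2006-5051 and CVE-2008-4109)"
  elif [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -lt 5 ]; }; then
    echo "NO"                                  # 4.4p1 .. 8.4p1
  elif [ "$major" -lt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -lt 8 ]; }; then
    if [ -n "$vendor" ]; then                  # 8.5p1 .. 9.7p1
      echo "YES (vendor build $vendor: confirm whether the fix was backported)"
    else
      echo "YES"
    fi
  else
    echo "NO (fixed in 9.8p1)"
  fi
}

# Constructed sample inputs, one per branch; not captured from any real host.
samples='OpenSSH_4.3p2
OpenSSH_8.4p1, OpenSSL 1.1.1
OpenSSH_9.6p1, OpenSSL 3.0.2 15 Mar 2022
SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13
SSH-2.0-OpenSSH_9.8p1
SSH-2.0-dropbear_2022.83'

printf '%s\n' "$samples" | while IFS= read -r line; do
  printf '%-42s -> %s\n' "$line" "$(openssh_status "$line")"
done
```

To check a live host's banner with this function, feed it the first line the server sends on port 22 (for example from `ssh -V` on the host itself, or the banner your inventory tooling already records).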