Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Source
https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
Associated Vulnerability
Title:Openssh: regresshion - race condition in ssh allows rce/dos (CVE-2024-6387)
Description:A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Description
Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387
Readme
# CVE-2024-6387 Checker

This README provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387. The script inspects the installed `sshd` binaries on your system, determines their versions, and checks for vulnerability status based on the detected version.

## Requirements

- Unix-like operating system (Linux, macOS, etc.)
- `awk`, `grep`, `sed`, `strings`, and `cut` utilities available in your shell environment

## Script Overview


The script performs the following steps:

1. Identifies all instances of `sshd` using the `type -a sshd` command.
2. Extracts the version string from each `sshd` binary.
3. Parses the version string to determine the major and minor version numbers.
4. Checks the parsed version against known vulnerable and non-vulnerable versions of OpenSSH.
5. Outputs the version and vulnerability status for each `sshd` binary.

## Usage

1. Copy the script into a file, e.g., `check_cve_2024_6387.sh`.
2. Give the script execute permissions:

    ```sh
    chmod +x check_cve_2024_6387.sh
    ```

3. Run the script:

    ```sh
    ./check_cve_2024_6387.sh
    ```

```sh
#!/bin/bash

for each_entry in $(type -a sshd | awk '{print $NF}' | uniq); do
  version_string=$(strings "$each_entry" | grep -o "OpenSSH_[0-9]\+\.[0-9]\+p[0-9]\+" | uniq)
  if [ -n "$version_string" ]; then
    version=$(echo "$version_string" | sed -E 's/OpenSSH_([0-9]+\.[0-9]+)p[0-9]+/\1/')
    major_version=$(echo $version | cut -d '.' -f 1)
    minor_version=$(echo $version | cut -d '.' -f 2)
    
    if [ "$major_version" -lt 4 ] || ([ "$major_version" -eq 4 ] && [ "$minor_version" -lt 4 ]); then
      status="YES (Unless patched for CVE-2006-5051 and CVE-2008-4109)"
    elif ([ "$major_version" -eq 4 ] && [ "$minor_version" -ge 4 ]) || ([ "$major_version" -ge 5 ] && [ "$major_version" -lt 8 ]) || ([ "$major_version" -eq 8 ] && [ "$minor_version" -lt 5 ]); then
      status="NO"
    elif ([ "$major_version" -eq 8 ] && [ "$minor_version" -ge 5 ]) || ([ "$major_version" -eq 9 ] && [ "$minor_version" -le 7 ]); then
      status="YES"
    else
      status="Unknown"
    fi

    echo "Found OpenSSH version: $version in $each_entry"
    echo "Vulnerability Status: $status"
    if [ "$status" == "YES" ]; then
      echo "Patch Immediately to OpenSSH 9.8/9.8p1"
    fi
  else
    echo "No match found for $each_entry"
  fi
done
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →