Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-8858 PoC — OpenSSH'ssh/kex.c'拒绝服务漏洞

Source
https://github.com/dag-erling/kexkill
Associated Vulnerability
Title:OpenSSH'ssh/kex.c'拒绝服务漏洞 (CVE-2016-8858)
Description:The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Description
Proof of concept for CVE-2016-8858
File Snapshot

 [4.0K]  /data/pocs/a377e492131cc64fef08475ccc0e44bdca1369f0
├── [ 135]  autogen.des
├── [  82]  autogen.sh
├── [ 965]  configure.ac
├── [  53]  HISTORY
├── [  21]  INSTALL
├── [1.4K]  LICENSE
├── [  93]  Makefile.am
├── [ 411]  README
└── [4.0K]  src
    ├── [ 11K]  kexkill.c
    └── [  53]  Makefile.am

1 directory, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →