odatacc/cve-2024-6387-poc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3 Commits 2 Branches 0 Tags
master
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
tetsuo 59a34684bb Update README.md
2024-07-01 20:48:13 +08:00
7etsuo-regreSSHion.c
first commit
2024-07-01 10:53:30 +00:00
README.md
Update README.md
2024-07-01 20:48:13 +08:00
regresshion.txt
first commit
2024-07-01 10:53:30 +00:00

README.md

cve-2024-6387-poc

a signal handler race condition in OpenSSH's server (sshd)

  • 7etsuo

Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.

Exploit Details

Vulnerability Summary

The exploit targets the SIGALRM handler race condition in OpenSSH's sshd:

  • Affected Versions: OpenSSH 8.5p1 to 9.8p1.
  • Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.
Description
32-bit PoC for CVE-2024-6387 "regreSSHion" -- mirror of the original 7etsuo/cve-2024-6387-poc
cve-2024-6387opensshpocrceregresshionssh
Readme 52 KiB
Languages
C 100%