cve-2024-6387-poc/README.md

# cve-2024-6387-poc
> a signal handler race condition in OpenSSH's server (sshd)

- 7etsuo

## Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.

## Exploit Details

### Vulnerability Summary

The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
- **Affected Versions**: OpenSSH 8.5p1 to 9.8p1.
- **Exploit**: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.
first commit 2024-07-01 12:17:15 +00:00			`# cve-2024-6387-poc`
Update README.md 2024-07-01 12:25:01 +00:00			`> a signal handler race condition in OpenSSH's server (sshd)`

			`- 7etsuo`

			`## Description`

			An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.

			`## Exploit Details`

			`### Vulnerability Summary`

			The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
			`- Affected Versions: OpenSSH 8.5p1 to 9.8p1.`
			- Exploit: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.