Update README.md

This commit is contained in:
Acrono 2024-07-01 15:25:01 +03:00 committed by GitHub
parent 2ae06d6001
commit ad599d94dc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 1 deletions

View File

@ -1,2 +1,16 @@
# cve-2024-6387-poc
a signal handler race condition in OpenSSH's server (sshd)
> a signal handler race condition in OpenSSH's server (sshd)
- 7etsuo
## Description
An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.
## Exploit Details
### Vulnerability Summary
The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
- **Affected Versions**: OpenSSH 8.5p1 to 9.8p1.
- **Exploit**: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.