Update README.md
This commit is contained in:
parent
2ae06d6001
commit
ad599d94dc
16
README.md
16
README.md
|
@ -1,2 +1,16 @@
|
|||
# cve-2024-6387-poc
|
||||
a signal handler race condition in OpenSSH's server (sshd)
|
||||
> a signal handler race condition in OpenSSH's server (sshd)
|
||||
|
||||
- 7etsuo
|
||||
|
||||
## Description
|
||||
|
||||
An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.
|
||||
|
||||
## Exploit Details
|
||||
|
||||
### Vulnerability Summary
|
||||
|
||||
The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
|
||||
- **Affected Versions**: OpenSSH 8.5p1 to 9.8p1.
|
||||
- **Exploit**: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.
|
||||
|
|
Reference in New Issue