Proxymiity
/
cve-2024-6387-poc
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-07-01. You can view files and clone it, but cannot push or open issues or pull requests.
cve-2024-6387-poc/README.md

17 lines
673 B
Markdown
Raw Permalink Blame History

# cve-2024-6387-poc
> a signal handler race condition in OpenSSH's server (sshd)
- 7etsuo
## Description
An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.
## Exploit Details
### Vulnerability Summary
The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
- **Affected Versions**: OpenSSH 8.5p1 to 9.8p1.
- **Exploit**: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.
Reference in New Issue View Git Blame Copy Permalink