Proxymiity
/
cve-2024-6387-poc
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-07-01. You can view files and clone it, but cannot push or open issues or pull requests.
2 Commits 1 Branch 0 Tags 45 KiB
C 100%
Go to file
Acrono ad599d94dc
Update README.md 		2024-07-01 15:25:01 +03:00
7etsuo-regreSSHion.c first commit 2024-07-01 15:17:15 +03:00
README.md Update README.md 2024-07-01 15:25:01 +03:00
regresshion.txt first commit 2024-07-01 15:17:15 +03:00

README.md

cve-2024-6387-poc

a signal handler race condition in OpenSSH's server (sshd)

  • 7etsuo

Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.

Exploit Details

Vulnerability Summary

The exploit targets the SIGALRM handler race condition in OpenSSH's sshd:

  • Affected Versions: OpenSSH 8.5p1 to 9.8p1.
  • Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.