Skip to content

Latest commit

 

History

History
27 lines (20 loc) · 1019 Bytes

README.md

File metadata and controls

27 lines (20 loc) · 1019 Bytes

CVE-2024-6387

a signal handler race condition in OpenSSH's server (sshd)

Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.

Installation

$ make all

Usage

$ ./exp <ip> <port>

Exploit Details

Vulnerability Summary

The exploit targets the SIGALRM handler race condition in OpenSSH's sshd:

  • Affected Versions = [ 'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10', 'SSH-2.0-OpenSSH_9.3p1 Ubuntu-3ubuntu3.6', 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3', 'SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3.6', 'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3', 'SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3' ]
  • Exploit: Remote code execution as root due to the vulnerable SIGALRM handler calling async-signal-unsafe functions.