Exploit for CVE-2024-6387

CVE-2024-6387 – PoC

Description

Note: This script is a quick prototype PoC; expect errors and bugs.

Tested on: Kali Linux, ParrotSec, Ubuntu 22.04

Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog().

Table of Contents

- Details
- Usage
- Host Discovery
- Mitigation
- References
- Author
- Disclaimer

Details

You can find the technical details here. The flaw, discovered by researchers at Qualys in May 2024 and assigned the identifier CVE-2024-6387, is due to a signal handler race condition in sshd that allows unauthenticated remote attackers to execute arbitrary code as root.

> "If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe."
> "A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges."

Usage

Scanning OpenSSH Server

Requirement: python3 latest

```bash
$ python3 CVE-2024-6387.py --exploit 192.168.56.101 --port 22
```
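As an added example (not the PoC script this page describes), a defender-side triage that reads the sshd identification banner and compares the upstream OpenSSH version against the affected ranges given in the Qualys advisory for CVE-2024-6387; the range boundaries are taken from that advisory, and because distributions backport the fix without bumping the version, a "vulnerable" result is a prompt to check the installed package, not a confirmed finding.

```python
import re
import socket

# Affected upstream ranges as given in the Qualys advisory (assumption: taken
# from the advisory, not from the PoC script this page describes):
#   v < 4.4             vulnerable unless the 2006 fix was backported
#   4.4 <= v < 8.5      not vulnerable
#   8.5 <= v < 9.8      vulnerable (the regression)
#   v >= 9.8            fixed
# Patch levels (pN) never change the status here, so compare (major, minor).
OLD_FIX_AT = (4, 4)
VULN_START = (8, 5)
FIXED_AT = (9, 8)

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, patchlevel) from an SSH identification line, else None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(banner):
    """Triage by upstream version only. Distributions backport the fix without
    bumping the version, so treat 'vulnerable' as 'needs package-level check'."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"            # not OpenSSH, or unparsable banner
    if v[:2] >= FIXED_AT:
        return "fixed"
    if v[:2] >= VULN_START:
        return "vulnerable"
    if v[:2] >= OLD_FIX_AT:
        return "not_vulnerable"
    return "possibly_vulnerable"    # pre-4.4: depends on vendor patches


def grab_banner(host, port=22, timeout=5.0):
    """Read the server identification line; sshd sends it before the client speaks."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("utf-8", "replace").strip()


if __name__ == "__main__":
    # Constructed banner strings, not captured from a real host.
    for b in ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "SSH-2.0-OpenSSH_9.8p1"):
        print(b, "->", classify(b))
```

Run it over inventory banners (or `grab_banner(host)` for a live host you administer) and reconcile every "vulnerable" hit with the distribution's package changelog before treating it as exposed.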
