# CVE-2024-6387 PoC

## Description

Note: This script is a quick prototype PoC; expect some errors and bugs.

Tested on: Kali Linux, ParrotSec, Ubuntu 22.04

### Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within `LoginGraceTime` seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example `syslog()`.

## Table of Contents

- Details
- Usage
- Host Discovery
- Mitigation
- References
- Author
- Disclaimer

## Details

You can find the technical details here.

The flaw, discovered by researchers at Qualys in May 2024 and assigned the identifier CVE-2024-6387, is due to a signal handler race condition in sshd that allows unauthenticated remote attackers to execute arbitrary code as root.

> "If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe." "A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges."

## Usage

Scanning OpenSSH Server

Requirement: python3 latest

```bash
$ python3 CVE-2024-6387.py --exploit 192.168.56.101 --port 22
```
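The async-signal-safety point in the description above, as an added example that is not sshd's code and not part of this repository: a C sketch of a `LoginGraceTime`-style timer whose SIGALRM handler only sets a `sig_atomic_t` flag, so that `syslog()` and any other non-async-signal-safe work run in normal context after the wait loop notices the flag. The `try_auth` callbacks are constructed stand-ins for a real authentication exchange; `install_grace_timer`, `grace_timer_expired` and `wait_for_auth` are names chosen here, not OpenSSH APIs.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>

/* Added example, not sshd code. The only state the signal handler touches
 * is a flag of type sig_atomic_t, which is safe to write asynchronously. */
static volatile sig_atomic_t grace_expired = 0;

/* Async-signal-safe handler: no syslog(), no malloc()/free(), no stdio.
 * Those functions hold locks or mutate global state; running them while the
 * interrupted code is inside them is the race class the advisory describes. */
static void grace_alarm_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Install the handler and arm the timer. seconds == 0 leaves it disarmed,
 * which is what LoginGraceTime 0 means in sshd_config. Returns 0 or -1. */
int install_grace_timer(unsigned int seconds)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;            /* no SA_RESTART: blocking I/O should be interrupted */
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    grace_expired = 0;
    alarm(seconds);
    return 0;
}

int grace_timer_expired(void)
{
    return grace_expired != 0;
}

/* Drive authentication attempts until one succeeds or the timer fires.
 * try_auth (hypothetical) returns 1 on success, 0 otherwise. Returns 1 if
 * authenticated, 0 if the grace period expired. Logging happens here, in
 * normal (non-handler) context, where syslog() is safe to call. */
int wait_for_auth(int (*try_auth)(void))
{
    while (!grace_expired) {
        if (try_auth()) {
            alarm(0);           /* authenticated in time: disarm the timer */
            return 1;
        }
    }
    syslog(LOG_INFO, "grace period expired before authentication");
    return 0;
}

/* Constructed callbacks standing in for a real client exchange. */
int auth_always_fails(void)
{
    struct timespec ts = { 0, 1000000L };   /* 1 ms between attempts */
    nanosleep(&ts, NULL);                   /* returns early with EINTR on SIGALRM */
    return 0;
}

int auth_succeeds(void)
{
    return 1;
}

int main(void)
{
    if (install_grace_timer(1) != 0)
        return 1;
    int authed = wait_for_auth(auth_always_fails);
    printf("client never authenticated: authed=%d expired=%d\n",
           authed, grace_timer_expired());

    install_grace_timer(5);
    authed = wait_for_auth(auth_succeeds);
    printf("client authenticated:       authed=%d expired=%d\n",
           authed, grace_timer_expired());
    return 0;
}
```

The design choice is the usual one for timers in long-running daemons: the handler records that the deadline passed and nothing else, and the code that owns the connection decides what to do about it. A handler that instead calls `syslog()` or frees memory is only correct if the signal never lands while the main code is inside those same functions, which a remote client controlling the timing cannot be assumed to respect.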
