API Security Blog

Exploit for Signal Handler Race Condition in Openbsd Openssh

CVE-2024-6387.py – PoC

Important Notes!!! The exploit works ONLY for 32-bit OpenSSH servers. This is because the PoC uses 32-bit pointers! It is also known that some versions are already patched, and not every server is vulnerable. Tested on: Kali Linux, ParrotSec, Ubuntu 22.04

📜 Description

Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

CVE-2024-6387.py is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH, specifically targeting the recently discovered regreSSHion vulnerability (CVE-2024-6387). This script facilitates rapid scanning of multiple IP addresses, domain names, and CIDR network ranges to detect potential vulnerabilities and ensure your infrastructure is secure.

A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog().

📁 Table of Contents

📖 Details
🌟 Features
⚙️ Usage
Output
🔍 Host Discovery
🛠️ Mitigation
💁 References
📌 Author
📢 Disclaimer

✍🏻 Details

You can find the technical details here. The flaw, discovered by researchers at Qualys in May 2024, and assigned the identifier CVE-2024-6387, is due to a signal handler race condition in sshd that allows unauthenticated remote attackers to execute…
