.. / CVE-2024-6387

Exploit for OpenSSH - Unauthenticated Remote Code Execution (regreSSHion, CVE-2024-6387)

Description:

A security regression (CVE-2006-5051) was discovered in OpenSSH’s server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Proof of Concept

PoC exploit

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-6387
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server