A proof-of-concept (PoC) exploit for the critical OpenSSH vulnerability CVE-2024-6387 (also known as "regreSSHion") has been released. The flaw lets an unauthenticated remote attacker execute arbitrary code as root on vulnerable servers.
CVE-2024-6387
The vulnerability is a signal-handler race condition in OpenSSH's server daemon (sshd). If a client has not completed authentication within LoginGraceTime (120 seconds by default), sshd's SIGALRM handler fires and calls functions that are not async-signal-safe, such as syslog(), which in turn can call malloc() and free(). If the alarm interrupts the process at the right moment, the heap is left in an inconsistent state that an attacker can exploit without ever authenticating.
The PoC exploit, created by GitHub user YassDEV221608, targets 32-bit OpenSSH servers on Linux systems using the GNU C Library (glibc). OpenBSD systems are not affected by this flaw because their SIGALRM handler calls syslog_r(), an async-signal-safe variant of syslog().
According to Exploit Finder, the exploit abuses the race condition in sshd's SIGALRM handler. Note that the handler is triggered by the LoginGraceTime timer expiring before a client has authenticated, not by failed password attempts, so the attacker opens connections and deliberately stalls them. Because the handler runs in the pre-authentication sshd process, which still has full root privileges, winning the race gives the attacker code execution as root.
Although the exploit needs many attempts to win the race (Qualys, which disclosed the bug, reported roughly 10,000 connections, or about 6 to 8 hours, against a 32-bit glibc target under lab conditions), cybersecurity expert Schwartz highlights its severe potential impact. The OpenSSH developers have confirmed that only certain versions are affected: releases older than 4.4p1 that lack the backported fixes for CVE-2006-5051 and CVE-2008-4109, and 8.5p1 through 9.7p1 inclusive, where a 2020 change reintroduced the bug. OpenSSH 9.8p1 fixes it, and administrators are advised to apply patches promptly.
For those investigating the exploit, a vulnerable OpenSSH environment can be set up using Docker. A sample Dockerfile is provided for this purpose.
PoC Script Targeting CVE-2024-6387
CVE-2024-6387.py: A PoC Script for Scanning and Exploiting Vulnerable Servers
import argparse
import threading
import socket  # reserved for the network side of the exploitation logic
import time    # reserved for pacing the race attempts


def exploit_vulnerability(target_ip, target_port):
    # Logic to exploit CVE-2024-6387
    # (This is a simplified demonstration)
    print(f"Exploiting target: {target_ip}:{target_port}")
    # Add actual exploitation code here...


def main():
    parser = argparse.ArgumentParser(description='CVE-2024-6387 PoC Exploit Script')
    parser.add_argument('-T', '--targets', required=True,
                        help='Comma-separated target IP addresses or domain names')
    parser.add_argument('-p', '--port', type=int, default=22,
                        help='Port number to exploit (default: 22)')
    args = parser.parse_args()

    # Ignore empty entries from stray commas or whitespace
    targets = [t.strip() for t in args.targets.split(',') if t.strip()]
    threads = []
    # One thread per target so that several hosts are attacked concurrently
    for target in targets:
        thread = threading.Thread(target=exploit_vulnerability, args=(target, args.port))
        threads.append(thread)
        thread.start()
    for thread in threads:
        thread.join()


if __name__ == "__main__":
    main()
Administrators should update OpenSSH to 9.8p1 or later, or to a distribution package that backports the fix; check the vendor advisory rather than relying on the version in the banner, since distribution builds often keep the old version number after patching. Where patching must wait, setting LoginGraceTime 0 in sshd_config disables the timer that triggers the handler and therefore prevents exploitation, but it also lets an attacker hold open all MaxStartups connection slots and deny service to legitimate users. Restricting SSH exposure with a firewall or a rate limiter such as fail2ban reduces both the attack surface and the number of connections an attacker can use to race the handler, and improved logging makes the many long-lived, unauthenticated connections the attack needs easier to spot. Organizations are urged to check their fleet for affected versions and apply updates promptly.
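The version ranges quoted above, and the advice to check the fleet, translate into a simple banner-based triage that is worth more than the stub script: read the SSH identification string a server sends first, extract the OpenSSH version, and compare it against the affected ranges. The following is an added example written for this article, not code from the PoC author or from the OpenSSH project; the function names, the classification labels and the sample banners are constructed for illustration. It deliberately reports only "affected by version", because a banner cannot reveal a distribution backport or distinguish an OpenBSD native build (whose banner carries no "p" suffix) from a portable one, so a hit means "verify against the vendor advisory", not "confirmed exploitable".

```python
import re
import socket

# Inclusive ranges the OpenSSH 9.8p1 release notes list as affected by
# CVE-2024-6387: anything before 4.4p1 (unless patched for CVE-2006-5051 and
# CVE-2008-4109) and 8.5p1 through 9.7p1.  Fixed in 9.8p1.
# Only (major, minor) is compared: every affected portable release in these
# ranges is a p1, and some vendors (for example RHEL) strip the suffix.
AFFECTED_BEFORE = (4, 4)
AFFECTED_RANGE = ((8, 5), (9, 7))

# Matches "OpenSSH_9.6p1", "OpenSSH_8.0" or "OpenSSH_9.2p1 Debian-2+deb12u2"
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:\s+(\S.*))?")


def parse_openssh_version(banner):
    """Return (major, minor, portable, vendor_comment) or None for non-OpenSSH banners.

    portable is 0 when the banner has no "pN" suffix; vendor_comment is the
    trailing text distributions append (e.g. "Ubuntu-3ubuntu13") or "".
    """
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    portable = int(m.group(3)) if m.group(3) else 0
    comment = (m.group(4) or "").strip()
    return (major, minor, portable, comment)


def version_in_affected_range(major, minor):
    """True if (major, minor) falls in an upstream-affected range."""
    if (major, minor) < AFFECTED_BEFORE:
        return True
    low, high = AFFECTED_RANGE
    return low <= (major, minor) <= high


def classify_banner(banner):
    """Return 'affected', 'not_affected' or 'unknown' (not an OpenSSH banner)."""
    parsed = parse_openssh_version(banner)
    if parsed is None:
        return "unknown"
    major, minor, _portable, _comment = parsed
    return "affected" if version_in_affected_range(major, minor) else "not_affected"


def grab_banner(host, port=22, timeout=5.0):
    """Fetch the server identification string (RFC 4253: the server sends it first)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = sock.recv(256)
    # Only the first line is the identification string; servers may send more.
    return data.decode("ascii", errors="replace").splitlines()[0].strip()


def check_host(host, port=22):
    """Grab the banner from a live host and classify it; network errors become 'unreachable'."""
    try:
        banner = grab_banner(host, port)
    except OSError:
        return (host, port, None, "unreachable")
    return (host, port, banner, classify_banner(banner))


# Constructed sample banners (not captured from real hosts) showing the edge cases
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2",   # in 8.5-9.7: affected by version
    "SSH-2.0-OpenSSH_9.8p1",                    # the fixing release
    "SSH-2.0-OpenSSH_8.0",                      # RHEL-style banner, below 8.5
    "SSH-2.0-OpenSSH_4.3p2",                    # pre-4.4p1: affected unless backported
    "SSH-2.0-dropbear_2022.83",                 # not OpenSSH at all
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:45s} -> {classify_banner(b)}")
```

Run it with no arguments to see the sample classifications; to triage real hosts, call check_host("ssh.example.internal") for each address in your inventory and follow up every "affected" result against the distribution's advisory before deciding whether LoginGraceTime 0 or an emergency upgrade is needed.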