CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.

ThemeHackers/CVE-2024-6387

CVE-2024-6387 (regreSSHion) in OpenSSH

Description

CVE-2024-6387, nicknamed "regreSSHion," is a critical vulnerability in OpenSSH that allows unauthenticated remote attackers to execute code with root privileges on vulnerable Linux systems. This vulnerability arises from a race condition in the signal handling of OpenSSH's server component (sshd) on glibc-based systems.

Severity

High (CVSS Score: 8.1)

Impact

Successful exploitation of this vulnerability can lead to:

  • Remote Code Execution: Attackers can execute arbitrary code on the target system with the highest privileges (root).
  • System Compromise: The compromised system can be used for further attacks or to gain access to sensitive data.
  • Denial of Service: The attack may cause the OpenSSH server to crash, disrupting SSH services.

Vulnerable Versions

OpenSSH versions 8.5p1 through 9.8p1 are vulnerable to CVE-2024-6387.

Mitigation

  1. Update OpenSSH: The most effective solution is to update OpenSSH to the latest version that includes the fix for this vulnerability.

  2. Disable Password Authentication: If updating is not immediately possible, consider disabling password authentication and using SSH keys exclusively.

Workarounds

There are no known workarounds for this vulnerability other than updating or disabling password authentication.

Disclaimer

This information is provided as-is and may be updated as new information becomes available. It is recommended to consult official sources and security advisories for the latest information regarding CVE-2024-6387.

Features

  • Scans single IP addresses, hostnames, CIDR ranges, or lists from a file.
  • Supports custom SSH port numbers.
  • Adjustable connection timeout.
  • Categorizes servers as SAFE, VULNERABLE, UNKNOWN, or ERROR.
  • Colored output for easy identification of results.

Usage

  1. Prerequisites:

    • Python 3
    • argparse and ipaddress modules (usually included with Python)
  2. Save and Run:

    • Save the code below as cve_2024_6387_check.py.
    • Execute from the command line:
    python3 Checker.py [options] <addresses>
    -f, --file: Path to a file containing a list of IP addresses or CIDR ranges.
    -p, --ports: Comma-separated list of SSH port numbers (default is 22).
    -t, --timeout: Connection timeout in seconds (default is 5.0).
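
One way to implement the banner-to-category step behind the SAFE / VULNERABLE / UNKNOWN / ERROR labels listed under Features, added here as an example; it is not the repository's Checker.py. The function names, the sample banners, and the choice to treat 9.8p1 (the upstream release that carries the fix) as the first version outside the range are assumptions of this example.

```python
import re

# Bounds as (major, minor). 8.5 is the lower bound given under "Vulnerable
# Versions" on this page; 9.8p1 is the upstream release that carries the fix,
# so this example treats it as the first version outside the range.
FIRST_VULNERABLE = (8, 5)
FIRST_FIXED = (9, 8)

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


def classify_banner(banner, first_vulnerable=FIRST_VULNERABLE, first_fixed=FIRST_FIXED):
    """Map one SSH identification string to SAFE / VULNERABLE / UNKNOWN / ERROR.

    banner is None when the connection failed or nothing was received.
    SAFE only means "outside the version range passed in".
    """
    if banner is None:
        return "ERROR"
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return "UNKNOWN"  # not an SSH identification string at all
    v = OPENSSH_RE.match(m.group("software"))
    if v is None:
        return "UNKNOWN"  # another SSH implementation, or an unparseable version
    version = (int(v.group(1)), int(v.group(2)))
    return "VULNERABLE" if first_vulnerable <= version < first_fixed else "SAFE"


# Constructed sample banners keyed by documentation addresses (not real hosts).
SAMPLES = {
    "192.0.2.10": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n",
    "192.0.2.11": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3\r\n",
    "192.0.2.12": "SSH-2.0-OpenSSH_9.8\r\n",
    "192.0.2.13": "SSH-2.0-dropbear_2022.83\r\n",
    "192.0.2.14": "HTTP/1.1 400 Bad Request\r\n",  # wrong service on the port
    "192.0.2.15": None,  # connection timed out
}


def scan_samples():
    """Classify every constructed sample and return {host: category}."""
    return {host: classify_banner(banner) for host, banner in SAMPLES.items()}


if __name__ == "__main__":
    for host, verdict in scan_samples().items():
        print(f"{host:<12} {verdict}")
```

Distribution packages often backport the fix without changing the upstream version shown in the banner, so a VULNERABLE result from a banner check means the installed package version still needs to be compared against the distribution's advisory.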
    
