Exploit for Race Condition in Openbsd Openssh CVE-2024-6387

Name: Exploit for Race Condition in Openbsd Openssh CVE-2024-6387
Rating: 5 (1158 reviews)

2024-07-02 | CVSS 8.1

## https://sploitus.com/exploit?id=1CF00BB8-B891-5347-A2DC-2C6A6BFF7C99
# Vulnerability Description  
CVE-2024-6387: A vulnerability in the signal handling mechanism of OpenSSH servers on Linux systems based on glibc. This vulnerability occurs due to the use of the async-signal-unsafe function within the SIGALRM handler. As a result, remote code execution with root privileges is possible.  
# Vulnerability Summary  
This vulnerability targets the signal handling mechanism in OpenSSH. Affected versions include OpenSSH 8.5p1 to 9.8p1. The vulnerability allows remote code execution with root privileges due to the insecure use of asynchronous signals in the vulnerable SIGALRM handler.  
# Asset Mapping  
```
protocol="ssh"
```  
# Script Compilation  
The code needs to be compiled into an executable file. Assume the file name is exploit.c. Use the following command for compilation:  
```
gcc -o exploit exploit.c  
./exploit  
```  
For example:  
`./exploit 192.168.1.100 22`