Share
## https://sploitus.com/exploit?id=91752937-D1C1-5913-A96F-72F8B8AB4280
# CVE-2024-6387
> a signal handler race condition in OpenSSH's server (sshd)

## Description

An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (`sshd`) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the `SIGALRM` handler.

## Installation
$ ```make all```

## Usage
$ ```./exp <ip> <port>```

## Exploit Details

### Vulnerability Summary

The exploit targets the `SIGALRM` handler race condition in OpenSSH's `sshd`:
- **Affected Versions** = [
        'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10',
        'SSH-2.0-OpenSSH_9.3p1 Ubuntu-3ubuntu3.6',
        'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3',
        'SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3.6',
        'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3',
        'SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3'
    ]
- **Exploit**: Remote code execution as root due to the vulnerable `SIGALRM` handler calling async-signal-unsafe functions.