CVE-2006-5051

HIGH

OpenSSH < 4.4 - Double Free via Signal Handler Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-5051. PoCs published by bigb0x, anhvutuan, sardine-web.

AI-analyzed exploit summary This repository contains a bulk scanning tool for detecting OpenSSH vulnerabilities, including CVE-2024-6387 and 19 other CVEs. It performs version checks against target SSH servers to identify potential vulnerabilities without attempting exploitation.

Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Exploits (3)

nomisec SCANNER 35 stars
by bigb0x · poc
https://github.com/bigb0x/CVE-2024-6387

This repository contains a bulk scanning tool for detecting OpenSSH vulnerabilities, including CVE-2024-6387 and 19 other CVEs. It performs version checks against target SSH servers to identify potential vulnerabilities without attempting exploitation.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: OpenSSH (versions 2.3.0 to 9.7)
No auth needed
Prerequisites: Network access to target SSH servers · Python environment with 'packaging' library
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 2 stars
by anhvutuan · poc
https://github.com/anhvutuan/CVE-2024-6387-poc-1

This repository contains a Python-based scanner for detecting CVE-2024-6387 (regreSSHion) in OpenSSH by checking SSH banners against known vulnerable and patched versions. It supports scanning single IPs, hostnames, CIDR ranges, or lists from a file.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: OpenSSH versions 8.5p1 through 9.8p1
No auth needed
Prerequisites: Network access to the target SSH port (default: 22)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 2 stars
by sardine-web · poc
https://github.com/sardine-web/CVE-2024-6387_Check

This script scans for OpenSSH servers vulnerable to CVE-2024-6387 by checking SSH banners against a list of known vulnerable versions. It supports multi-threading for concurrent scanning of multiple targets.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites: Network access to target SSH port (default 22) · Python 3 with standard libraries
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (58)

Core 58
Core References
Broken Link vendor-advisory
http://www.ubuntu.com/usn/usn-355-1
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22270
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/24805
Third Party Advisory, US Government Resource third-party-advisory
http://www.kb.cert.org/vuls/id/851340
Release Notes vendor-advisory
http://www.openbsd.org/errata.html#ssh
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22487
Third Party Advisory, US Government Resource third-party-advisory
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Third Party Advisory vendor-advisory
http://security.gentoo.org/glsa/glsa-200611-06.xml
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22362
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/23680
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22352
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22236
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/24799
Broken Link third-party-advisory
http://secunia.com/advisories/22495
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/20241
Broken Link vdb-entry
http://www.osvdb.org/29264
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22823
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22183
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22926
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22173
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://securitytracker.com/id?1016940
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22208
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22245
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22196
Broken Link vendor-advisory
http://www.debian.org/security/2006/dsa-1212
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22158
Mailing List vendor-advisory
http://www.debian.org/security/2006/dsa-1189
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/24479

Scores

CVSS v3 8.1
EPSS 0.4410
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-415
Status published
Products (4)
apple/mac_os_x < 10.3.9
apple/mac_os_x_server < 10.3.9
debian/debian_linux 3.1
openbsd/openssh < 4.4
Published Sep 27, 2006
Tracked Since Feb 18, 2026