exploitdb
WORKING POC
by Milad karimi · c · remote · linux
https://www.exploit-db.com/exploits/52269
This exploit targets a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems, leading to remote code execution as root. It manipulates heap memory and timing to achieve exploitation.
Classification
Working Poc 90%
Target:
OpenSSH server (sshd) 9.8p1
No auth needed
Prerequisites:
glibc-based Linux system · OpenSSH server (sshd) 9.8p1 · network access to the target
nomisec
SCANNER
510 stars
by xaitax · poc
https://github.com/xaitax/CVE-2024-6387_Check
This is a vulnerability scanner for CVE-2024-6387, which checks if OpenSSH servers are running vulnerable versions. It performs banner grabbing and checks for LoginGraceTime mitigation.
Classification
Scanner 95%
Target:
OpenSSH versions 8.5 to 9.7 (excluding patched versions)
No auth needed
Prerequisites:
Network access to the target SSH port (default: 22) · OpenSSH server running a vulnerable version
nomisec
WORKING POC
492 stars
by zgzhang · poc
https://github.com/zgzhang/cve-2024-6387-poc
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (and other versions)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base address (ASLR bypass)
nomisec
WORKING POC
384 stars
by acrono · poc
https://github.com/acrono/cve-2024-6387-poc
This is a functional exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 95%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Target running vulnerable OpenSSH version · Glibc-based Linux system · Network access to the SSH port
nomisec
WORKING POC
169 stars
by Karmakstylez · poc
https://github.com/Karmakstylez/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (and other vulnerable versions)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base address knowledge
nomisec
WORKING POC
125 stars
by lflare · poc
https://github.com/lflare/cve-2024-6387-poc
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Glibc-based Linux system · Network access to the SSH port
nomisec
SCANNER
97 stars
by filipi86 · poc
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker
This Python script checks for the presence of CVE-2024-6387 (regreSSHion) by querying SSH banners and comparing them against known vulnerable and patched OpenSSH versions. It supports multiple input methods including direct IPs, CIDR ranges, and file-based lists.
Classification
Scanner 95%
Target:
OpenSSH (specific versions)
No auth needed
Prerequisites:
Network access to target SSH ports
nomisec
WORKING POC
95 stars
by l0n3m4n · poc
https://github.com/l0n3m4n/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit leverages async-signal-unsafe functions in the SIGALRM handler to achieve remote code execution as root.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (and other vulnerable versions)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base address knowledge
nomisec
WORKING POC
62 stars
by xonoxitron · poc
https://github.com/xonoxitron/regreSSHion
This repository contains a functional exploit for CVE-2024-6387 (regreSSHion), targeting a race condition in OpenSSH's signal handler on glibc-based Linux systems. The exploit attempts to achieve remote code execution as root by leveraging async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 95%
Target:
OpenSSH server (sshd) on glibc-based Linux systems (tested on Ubuntu, Debian)
No auth needed
Prerequisites:
Vulnerable OpenSSH server (sshd) with specific glibc version · Network access to the target system · Compilation environment with gcc and pthread library
nomisec
WORKING POC
49 stars
by d0rb · poc
https://github.com/d0rb/CVE-2024-6387
This repository contains a Python-based proof-of-concept exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH to achieve remote code execution (RCE) as root. The exploit uses multithreading and timing adjustments to increase the likelihood of triggering the race condition.
Classification
Working Poc 90%
Target:
OpenSSH (versions affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to the target OpenSSH server · Python 3.x environment
nomisec
SCANNER
35 stars
by bigb0x · poc
https://github.com/bigb0x/CVE-2024-6387
This repository contains a bulk scanning tool for detecting OpenSSH vulnerabilities, including CVE-2024-6387 and 19 other CVEs. It performs version checks against target SSH servers to identify potential vulnerabilities without attempting exploitation.
Classification
Scanner 100%
Target:
OpenSSH (versions 2.3.0 to 9.7)
No auth needed
Prerequisites:
Network access to target SSH servers · Python environment with 'packaging' library
nomisec
WORKING POC
24 stars
by getdrive · poc
https://github.com/getdrive/CVE-2024-6387-PoC
This is a proof-of-concept exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit attempts to achieve remote code execution as root by manipulating heap memory and timing conditions.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Network access to the target SSH port · Glibc-based Linux system
nomisec
WORKING POC
18 stars
by sxlmnwb · poc
https://github.com/sxlmnwb/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 95%
Target:
OpenSSH 9.2p1 (and potentially other versions)
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Glibc-based Linux system · Network access to the SSH port
nomisec
WORKING POC
15 stars
by YassDEV221608 · poc
https://github.com/YassDEV221608/CVE-2024-6387_PoC
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit attempts to achieve remote code execution (RCE) as root by leveraging async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base addresses for ASLR bypass
nomisec
SCANNER
15 stars
by thegenetic · poc
https://github.com/thegenetic/CVE-2024-6387-exploit
This repository contains a Python script that uses Nmap to scan domains for vulnerable SSH versions affected by CVE-2024-6387. It identifies and highlights vulnerable OpenSSH versions but does not include an exploit payload.
Classification
Scanner 90%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Nmap installed · Python 3.x · termcolor library · list of domains to scan
nomisec
SCANNER
13 stars
by devarshishimpi · poc
https://github.com/devarshishimpi/CVE-2024-6387-Check
This repository contains a bash script that scans for CVE-2024-6387 (regreSSHion) by checking OpenSSH server banners. It identifies vulnerable versions and excludes patched versions, providing clear output for vulnerable and non-vulnerable hosts.
Classification
Scanner 95%
Target:
OpenSSH versions 8.5 through 9.7 (excluding patched versions)
No auth needed
Prerequisites:
nmap installed or ability to install it · network access to target SSH ports
nomisec
WORKING POC
12 stars
by TAM-K592 · remote
https://github.com/TAM-K592/CVE-2024-6387
This repository contains a proof-of-concept exploit for CVE-2024-6387, targeting a race condition in OpenSSH's signal handler. The exploit attempts to achieve remote code execution by manipulating heap memory and timing conditions.
Classification
Working Poc 90%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Network access to the target SSH server · Target running a vulnerable OpenSSH version
nomisec
SCANNER
11 stars
by AiGptCode · poc
https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387
This repository contains a Python script designed to scan for and identify servers running vulnerable versions of OpenSSH (CVE-2024-6387). It includes features for SSH version detection, vulnerability checking, and multithreaded scanning, but does not include actual exploit code.
Classification
Scanner 90%
Target:
OpenSSH (versions affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to target SSH ports · Python 3.x with required packages
nomisec
WORKING POC
10 stars
by l-urk · poc
https://github.com/l-urk/CVE-2024-6387
This repository contains a Python-based proof-of-concept exploit for CVE-2024-6387, a remote code execution vulnerability in OpenSSH (regreSSHion). The exploit leverages heap manipulation and shellcode injection to achieve RCE on vulnerable OpenSSH versions.
Classification
Working Poc 95%
Target:
OpenSSH versions 1.2.2p1 ~ 4.4 and 8.5p1 ~ 9.8
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Python 3 environment with required dependencies
nomisec
SCANNER
10 stars
by xonoxitron · poc
https://github.com/xonoxitron/regreSSHion-checker
This repository contains a Go-based scanner for detecting servers vulnerable to CVE-2024-6387 (regreSSHion) by checking SSH banners. It supports concurrent scanning of IPs, domains, and CIDR ranges, and identifies vulnerable OpenSSH versions.
Classification
Scanner 95%
Target:
OpenSSH (versions 8.5 to 9.7, excluding patched versions)
No auth needed
Prerequisites:
Network access to target SSH ports · Go environment for building
nomisec
SCANNER
9 stars
by 0x4D31 · poc
https://github.com/0x4D31/cve-2024-6387_hassh
This repository provides scripts to generate and query HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion). It uses the Shodan API to compile a database of HASSH fingerprints and associated OpenSSH versions.
Classification
Scanner 90%
Target:
OpenSSH versions 4.0-4.4p1 and 8.5-9.7p1
No auth needed
Prerequisites:
Shodan API key · Network access to Shodan API
nomisec
WORKING POC
8 stars
by P4x1s · poc
https://github.com/P4x1s/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 9.2p1 (and other vulnerable versions)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base address (ASLR bypass required)
nomisec
WORKING POC
6 stars
by OhDamnn · poc
https://github.com/OhDamnn/Noregressh
This repository contains a penetration-testing framework focused on exploiting OpenSSH regressions, including CVE-2024-6387 (regreSSHion) for RCE. It includes multi-threaded scanning, targeted exploitation workflows, and post-exploitation features like reverse shells and bind shells.
Classification
Working Poc 90%
Target:
OpenSSH 8.5 – 9.7
No auth needed
Prerequisites:
Network access to target OpenSSH server · Python 3.x environment
nomisec
SCANNER
6 stars
by wiggels · poc
https://github.com/wiggels/regresshion-check
This is a Rust-based CLI tool designed to scan SSH servers for vulnerability to CVE-2024-6387 (regreSSHion). It checks the SSH version banner and performs reverse DNS lookups to identify vulnerable hosts.
Classification
Scanner 100%
Target:
OpenSSH (versions affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to target SSH servers · Rust and Cargo installed for compilation
nomisec
WRITEUP
6 stars
by azurejoga · poc
https://github.com/azurejoga/CVE-2024-6387-how-to-fix
This repository provides a detailed guide on mitigating CVE-2024-6387, a critical RCE vulnerability in OpenSSH ('regreSSHion'). It includes steps for updating and compiling the latest OpenSSH version to secure affected systems.
Classification
Writeup 100%
Target:
OpenSSH versions 8.5p1 to 9.8p1
No auth needed
Prerequisites:
Access to a vulnerable OpenSSH server · Ability to compile and install software
nomisec
WORKING POC
4 stars
by kinu404 · poc
https://github.com/kinu404/CVE-2024-6387
This PoC exploits CVE-2024-6387, a race condition vulnerability in OpenSSH, by attempting to trigger a heap-based buffer overflow via a race condition during the SSH handshake. It uses multiple threads and timing adjustments to increase the likelihood of successful exploitation.
Classification
Working Poc 90%
Target:
OpenSSH (version affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to target OpenSSH server · Glibc base address (optional, defaults provided)
nomisec
SCANNER
4 stars
by harshinsecurity · poc
https://github.com/harshinsecurity/sentinelssh
This repository contains a Go-based scanner for detecting CVE-2024-6387 in OpenSSH servers. It checks SSH banners against known vulnerable versions and excludes patched versions.
Classification
Scanner 95%
Target:
OpenSSH (versions 1-9.7, excluding specific patched versions)
No auth needed
Prerequisites:
Network access to target SSH port · SSH service running on target
nomisec
WORKING POC
4 stars
by lala-amber · poc
https://github.com/lala-amber/CVE-2024-6387
This is a Python-based PoC for CVE-2024-6387, targeting a race condition in OpenSSH's signal handler on 32-bit glibc-based Linux systems. It attempts to achieve RCE by exploiting a heap-based buffer overflow via a maliciously crafted public key packet.
Classification
Working Poc 95%
Target:
OpenSSH 8.9p1 (32-bit glibc-based Linux)
No auth needed
Prerequisites:
32-bit glibc-based Linux system · OpenSSH version vulnerable to CVE-2024-6387 · Network access to target SSH port
nomisec
SCANNER
4 stars
by th3gokul · poc
https://github.com/th3gokul/CVE-2024-6387
This repository contains a Python-based scanner for detecting CVE-2024-6387 (regreSSHion) in OpenSSH servers. It checks for vulnerable versions by analyzing SSH banners and supports asynchronous scanning with multi-threading.
Classification
Scanner 90%
Target:
OpenSSH Server (versions 8.5p1 to 9.7p1)
No auth needed
Prerequisites:
Network access to target SSH servers · OpenSSH server running a vulnerable version
nomisec
SCANNER
4 stars
by paradessia · poc
https://github.com/paradessia/CVE-2024-6387-nmap
This is an Nmap NSE script designed to detect vulnerable OpenSSH versions affected by CVE-2024-6387 by checking the SSH banner. It does not exploit the vulnerability but scans for its presence.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Network access to the target SSH port (22/tcp)
nomisec
WORKING POC
3 stars
by awusan125 · poc
https://github.com/awusan125/test_for6387
This is a PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 9.2p1 (and potentially other versions)
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Glibc-based Linux system · Network access to the target SSH port
nomisec
SCANNER
3 stars
by sardine-web · poc
https://github.com/sardine-web/CVE-2024-6387-template
This repository provides a Nuclei template for detecting CVE-2024-6387 (regreSSHion) by checking OpenSSH versions. It includes dorks for finding vulnerable systems but does not contain exploit code.
Classification
Scanner 90%
Target:
OpenSSH versions >=8.5 AND <9.8 OR <4.4
No auth needed
Prerequisites:
Nuclei tool · Network access to target
nomisec
SCANNER
3 stars
by BrandonLynch2402 · poc
https://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template
This repository contains a Nuclei template designed to detect CVE-2024-6387 (regreSSHion), a remote unauthenticated code execution vulnerability in OpenSSH. The template scans for vulnerable OpenSSH versions.
Classification
Scanner 90%
Target:
OpenSSH Server
No auth needed
Prerequisites:
Network access to the target OpenSSH server
nomisec
WORKING POC
3 stars
by MrR0b0t19 · poc
https://github.com/MrR0b0t19/CVE-2024-6387-Exploit-POC
This PoC exploits CVE-2024-6387, a race condition in OpenSSH's signal handler, to achieve remote code execution. It manipulates heap memory and leverages ASLR bypass techniques to execute shellcode.
Classification
Working Poc 90%
Target:
OpenSSH (likely versions affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Precise timing control for race condition
nomisec
WORKING POC
3 stars
by PrincipalAnthony · poc
https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit
This repository contains a Python-based exploit for CVE-2024-6387, targeting a race condition in OpenSSH's SIGALRM handler to achieve remote code execution as root. The exploit supports multithreading, file-based target input, and real-time shell interaction.
Classification
Working Poc 90%
Target:
OpenSSH 8.5p1 to 9.8p1
No auth needed
Prerequisites:
Python 3.9 · glibc-based Linux system · vulnerable OpenSSH version
nomisec
WORKING POC
2 stars
by OHHDamnBRO · poc
https://github.com/OHHDamnBRO/Noregressh
This repository contains a functional exploit framework for CVE-2024-6387 (regreSSHion) and other OpenSSH CVEs, including reverse shell payloads and multi-threaded scanning capabilities. The code demonstrates a clear understanding of the vulnerability and includes practical exploitation techniques.
Classification
Working Poc 90%
Target:
OpenSSH 8.5-9.7
No auth needed
Prerequisites:
network access to vulnerable OpenSSH server · Python 3.x environment
nomisec
SCANNER
2 stars
by identity-threat-labs · poc
https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker
This Python script scans SSH servers to check for CVE-2024-6387 (regreSSHion) by retrieving and analyzing SSH banners. It categorizes targets as vulnerable, safe, unknown, or error based on predefined version lists.
Classification
Scanner 100%
Target:
OpenSSH (specific versions)
No auth needed
Prerequisites:
Network access to target SSH ports
nomisec
WORKING POC
2 stars
by prelearn-code · poc
https://github.com/prelearn-code/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base addresses for ASLR bypass
nomisec
SCANNER
2 stars
by ThatNotEasy · poc
https://github.com/ThatNotEasy/CVE-2024-6387
This repository contains a Python-based scanner for detecting vulnerable OpenSSH versions, including CVE-2024-6387. It performs version checks against a predefined list of CVEs and logs results with color-coded output.
Classification
Scanner 100%
Target:
OpenSSH (various versions)
No auth needed
Prerequisites:
Network access to target SSH ports · List of target IPs/ports
nomisec
SCANNER
2 stars
by anhvutuan · poc
https://github.com/anhvutuan/CVE-2024-6387-poc-1
This repository contains a Python-based scanner for detecting CVE-2024-6387 (regreSSHion) in OpenSSH by checking SSH banners against known vulnerable and patched versions. It supports scanning single IPs, hostnames, CIDR ranges, or lists from a file.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5p1 through 9.8p1
No auth needed
Prerequisites:
Network access to the target SSH port (default: 22)
nomisec
SCANNER
2 stars
by sardine-web · poc
https://github.com/sardine-web/CVE-2024-6387_Check
This script scans for OpenSSH servers vulnerable to CVE-2024-6387 by checking SSH banners against a list of known vulnerable versions. It supports multi-threading for concurrent scanning of multiple targets.
Classification
Scanner 95%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Network access to target SSH port (default 22) · Python 3 with standard libraries
nomisec
WORKING POC
2 stars
by Symbolexe · poc
https://github.com/Symbolexe/CVE-2024-6387
This is a Python-based exploit for CVE-2024-6387, targeting a race condition in OpenSSH. It attempts to achieve remote code execution by manipulating heap memory and using timing attacks to bypass ASLR.
Classification
Working Poc 90%
Target:
OpenSSH (hypothetical vulnerability)
No auth needed
Prerequisites:
Network access to target OpenSSH server · Vulnerable OpenSSH version
nomisec
SCANNER
2 stars
by ACHUX21 · poc
https://github.com/ACHUX21/checker-CVE-2024-6387
This repository contains a Python-based scanner for detecting OpenSSH servers vulnerable to CVE-2024-6387 by checking SSH banners. It supports IP addresses, domains, CIDR ranges, and file-based target lists, using threading for concurrent scanning.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5-8.9 and 9.0-9.7
No auth needed
Prerequisites:
Network access to target SSH ports · Python 3.x with standard libraries
nomisec
SCANNER
2 stars
by ahlfors · poc
https://github.com/ahlfors/CVE-2024-6387
This repository provides a bash script to check if a system is vulnerable to CVE-2024-6387 by comparing the installed OpenSSH version against known vulnerable ranges. The README suggests using a remote script via curl, but the provided check.sh script performs a local version check.
Classification
Scanner 90%
Target:
OpenSSH versions >= 8.5p1 and < 9.8p1
No auth needed
Prerequisites:
Access to the target system's package manager to query OpenSSH version
nomisec
WRITEUP
2 stars
by muyuanlove · poc
https://github.com/muyuanlove/CVE-2024-6387fixshell
This repository provides a script and instructions for compiling and installing OpenSSH 9.8p1 as a mitigation for CVE-2024-6387. It does not contain exploit code but rather a remediation guide.
Classification
Writeup 100%
Target:
OpenSSH versions 8.5p1 to < 9.8p1
No auth needed
Prerequisites:
Access to a Linux system with sudo privileges · Internet connectivity to download OpenSSH source
nomisec
SCANNER
2 stars
by betancour · poc
https://github.com/betancour/OpenSSH-Vulnerability-test
This repository contains a C-based scanner that checks for vulnerable OpenSSH versions by retrieving SSH banners from target servers. It identifies potentially vulnerable versions but does not exploit the vulnerability.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Network access to target SSH ports · List of target IP addresses or ranges
nomisec
SCANNER
1 star
by xiw1ll · poc
https://github.com/xiw1ll/CVE-2024-6387_Checker
This repository provides a checker for CVE-2024-6387, a vulnerability in OpenSSH. It lists patched versions of OpenSSH across various distributions, aiding in identifying vulnerable systems.
Classification
Scanner 90%
Target:
OpenSSH (various versions across Ubuntu, Debian, FreeBSD, Alpine, Fedora)
No auth needed
Prerequisites:
Network access to target SSH service · Ability to query SSH banner
nomisec
WRITEUP
1 star
by identity-threat-labs · poc
https://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387
This repository contains a writeup describing CVE-2024-6387, a critical RCE vulnerability in OpenSSH. No exploit code or technical details are provided in the analyzed file.
Classification
Writeup 90%
Target:
OpenSSH (version not specified)
No auth needed
nomisec
SCANNER
1 star
by X-Projetion · poc
https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker
This repository contains a bash script that scans for CVE-2024-6387 by checking OpenSSH versions on local and remote systems using nmap. It identifies vulnerable versions and excludes patched ones, providing a detailed report.
Classification
Scanner 95%
Target:
OpenSSH versions 8.5 to 9.7 (excluding specific patched versions)
No auth needed
Prerequisites:
nmap installed or ability to install it · network connectivity to target systems
nomisec
WORKING POC
1 star
by redux-sibi-jose · poc
https://github.com/redux-sibi-jose/mitigate_ssh
This script mitigates CVE-2024-6387 by adjusting the LoginGraceTime in OpenSSH's configuration to 0, effectively reducing the window for exploitation. It checks the OpenSSH version and applies the mitigation if the version is vulnerable.
Classification
Working Poc 90%
Target:
OpenSSH versions below 9.8p1
Auth required
Prerequisites:
sudo access to modify /etc/ssh/sshd_config and restart sshd service
nomisec
SCANNER
1 star
by turbobit · poc
https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker
This repository contains a version checker for CVE-2024-6387, an OpenSSH vulnerability. It includes scripts in Go, Python, and Bash that parse the OpenSSH version and determine vulnerability status based on version ranges.
Classification
Scanner 95%
Target:
OpenSSH (versions 4.4p1 to 8.5p1, and 8.5p1 to 9.8p1)
No auth needed
Prerequisites:
Access to execute the 'ssh -V' command on the target system
nomisec
SCANNER
1 star
by grupooruss · poc
https://github.com/grupooruss/CVE-2024-6387
This repository contains a Python script that scans SSH configurations for the presence of the default LoginGraceTime setting, which is related to CVE-2024-6387. It checks remote hosts via SSH and reports if the configuration is vulnerable.
Classification
Scanner 90%
Target:
OpenSSH (versions affected by CVE-2024-6387)
Auth required
Prerequisites:
Valid SSH credentials for the target host · Network access to the target host · Paramiko library installed
nomisec
SCANNER
1 star
by n1cks0n · poc
https://github.com/n1cks0n/Test_CVE-2024-6387
This repository contains a Python-based scanner for detecting servers vulnerable to CVE-2024-6387 (regreSSHion) by checking OpenSSH versions via banner grabbing. It supports multi-threading, CIDR ranges, and custom ports.
Classification
Scanner 100%
Target:
OpenSSH (versions 8.5 to 9.7, excluding specific patched versions)
No auth needed
Prerequisites:
Network access to target SSH ports · OpenSSH server running on target
nomisec
SCANNER
1 star
by xristos8574 · poc
https://github.com/xristos8574/regreSSHion-nmap-scanner
This script is an Nmap-based scanner to detect servers vulnerable to CVE-2024-6387 (regreSSHion) by checking OpenSSH versions. It parses Nmap output to identify vulnerable versions and categorizes them accordingly.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5p1 to 9.8p1 (excluding patched versions)
No auth needed
Prerequisites:
Nmap installed · List of target servers in 'servers.txt'
nomisec
WRITEUP
1 star
by rumochnaya · poc
https://github.com/rumochnaya/openssh-cve-2024-6387.sh
This repository provides a mitigation script for CVE-2024-6387, a vulnerability in OpenSSH that allows remote code execution as root. The script modifies the sshd_config to set LoginGraceTime to 0, which mitigates the race condition exploit.
Classification
Writeup 90%
Target:
OpenSSH (glibc-based Linux distributions)
No auth needed
Prerequisites:
Access to modify sshd_config and restart sshd service
nomisec
SCANNER
1 star
by R4Tw1z · poc
https://github.com/R4Tw1z/CVE-2024-6387
This repository contains a Python-based scanner for detecting potentially vulnerable OpenSSH versions affected by CVE-2024-6387. It uses multi-threading to efficiently scan multiple targets, retrieve SSH banners, and check against a predefined list of vulnerable versions.
Classification
Scanner 100%
Target:
OpenSSH (versions 8.5p1 to 9.7p1)
No auth needed
Prerequisites:
Network access to target systems · OpenSSH service running on target port (default: 22)
nomisec
SCANNER
1 star
by shamo0 · poc
https://github.com/shamo0/CVE-2024-6387_PoC
This repository contains a Bash script that scans for vulnerable OpenSSH versions by checking SSH banners. It identifies systems potentially affected by CVE-2024-6387 but does not exploit the vulnerability.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5p1 through 9.7p1
No auth needed
Prerequisites:
Network access to the target SSH port · SSH service running on the target
nomisec
WORKING POC
1 star
by teamos-hub · poc
https://github.com/teamos-hub/regreSSHion
This repository contains a working PoC for CVE-2024-6387, a signal handler race condition in OpenSSH's server (sshd) leading to remote code execution (RCE) on glibc-based Linux systems. The exploit targets a regression of CVE-2006-5051, leveraging async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 95%
Target:
OpenSSH server (sshd) versions 8.5p1 to 9.8p1
No auth needed
Prerequisites:
Network access to the target SSH server · Target must be running a vulnerable OpenSSH version on a glibc-based Linux system
nomisec
WORKING POC
1 star
by passwa11 · poc
https://github.com/passwa11/cve-2024-6387-poc
This is a proof-of-concept exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base address
nomisec
WRITEUP
by kaleth4 · poc
https://github.com/kaleth4/CVE-2024-6387
This repository provides a detailed technical analysis of CVE-2024-6387, including root cause analysis, affected versions, and mitigation steps. It includes conceptual exploit code snippets but lacks a functional PoC.
Classification
Writeup 90%
Target:
OpenSSH (versions 8.5p1 to 9.8p1)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Patience for race condition exploitation (~10,000 attempts)
nomisec
WRITEUP
by Doux-x · poc
https://github.com/Doux-x/CVE-2024-6387-analysis
This repository provides a detailed technical analysis of CVE-2024-6387, an OpenSSH signal handling race condition vulnerability, including root cause analysis, affected versions, and mitigation strategies. It includes a basic detection script but no functional exploit code.
Classification
Writeup 95%
Target:
OpenSSH 8.5p1 to 9.7p1
No auth needed
Prerequisites:
OpenSSH server with vulnerable version · network access to target SSH port
nomisec
WORKING POC
by Remnant-DB · poc
https://github.com/Remnant-DB/CVE-2024-6387
This repository provides a containerized lab environment for testing CVE-2024-6387, a regression vulnerability in OpenSSH. It includes a Dockerfile that builds a vulnerable OpenSSH 9.2p1 instance, along with configuration files to run the service in an isolated environment for defensive analysis.
Classification
Working Poc 95%
Target:
OpenSSH 9.2p1
Auth required
Prerequisites:
Docker or Podman · Network access to the containerized service
gitlab
WORKING POC
by skysaint · poc
https://gitlab.com/skysaint/cve-2024-6387
The repository contains a Python script designed to exploit CVE-2024-6387, a race condition vulnerability in OpenSSH that can lead to remote code execution (RCE) with root privileges. The exploit uses multithreading and timing adjustments to increase the likelihood of successful exploitation.
Classification
Working Poc 90%
Target:
OpenSSH (version affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to target OpenSSH server · Python 3.x environment
gitlab
WORKING POC
by ThemeHackers · poc
https://gitlab.com/ThemeHackers/CVE-2024-6387
This repository contains a functional exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit leverages async-signal-unsafe functions in the SIGALRM handler to achieve remote code execution as root.
Classification
Working Poc 95%
Target:
OpenSSH 8.9p1 (and other versions)
No auth needed
Prerequisites:
glibc-based Linux system · OpenSSH server with vulnerable version · network access to target
gitlab
WORKING POC
by OhDamnn · poc
https://gitlab.com/OhDamnn/Noregressh
The repository contains a functional exploit framework for CVE-2024-6387 (regreSSHion) and other OpenSSH CVEs, including multi-threaded scanning, payload generation, and post-exploitation features. The code includes reverse shell payloads and listener management, demonstrating a complete exploitation workflow.
Classification
Working Poc 90%
Target:
OpenSSH 8.5-9.7
No auth needed
Prerequisites:
network access to target OpenSSH server · Python 3.x environment
nomisec
WRITEUP
by arielrbrdev · poc
https://github.com/arielrbrdev/redteamlab1
This repository is a writeup documenting a pentest engagement, including findings such as CVE-2024-6387 (OpenSSH RCE), SQL injection, and wireless security flaws. It does not contain exploit code but provides technical details and recommendations.
Classification
Writeup 90%
Target:
OpenSSH 9.3p2, DVWA, WEP/WPA2
No auth needed
Prerequisites:
Network access to vulnerable systems · Tools like Nmap, SQLmap, Aircrack-ng
nomisec
SCANNER
by moften · poc
https://github.com/moften/regreSSHion-CVE-2024-6387
This repository contains a Python-based scanner for detecting CVE-2024-6387 (regreSSHion) by checking OpenSSH server banners for vulnerable versions. It does not include an exploit but identifies potentially vulnerable targets.
Classification
Scanner 90%
Target:
OpenSSH versions 8.5 to 9.8
No auth needed
Prerequisites:
Network access to the target SSH port
nomisec
SCANNER
by dream434 · poc
https://github.com/dream434/CVE-2024-6387
This repository contains a Python script that scans for vulnerable OpenSSH versions affected by CVE-2024-6387 by checking the SSH banner. It does not exploit the vulnerability but identifies potentially vulnerable targets.
Classification
Scanner 90%
Target:
OpenSSH (versions 1-9.7, excluding specific patched versions)
No auth needed
Prerequisites:
Network access to the target SSH service (port 22)
nomisec
WORKING POC
by SkyGodling · poc
https://github.com/SkyGodling/CVE-2024-6387-POC
This is a Python-based proof-of-concept exploit for CVE-2024-6387, targeting a race condition in OpenSSH to achieve remote code execution (RCE) with root privileges. The exploit uses multi-threading and timing adjustments to increase the likelihood of successful exploitation.
Classification
Working Poc 90%
Target:
OpenSSH (version not specified)
No auth needed
Prerequisites:
Network access to target SSH service · Vulnerable OpenSSH version
nomisec
WORKING POC
by YassDEV221608 · poc
https://github.com/YassDEV221608/CVE-2024-6387
This repository contains a Python-based proof-of-concept exploit for CVE-2024-6387, targeting a race condition in OpenSSH 9.2p1 on 32-bit glibc-based Linux systems. The exploit attempts to achieve remote code execution by manipulating heap memory and timing conditions.
Classification
Working Poc 90%
Target:
OpenSSH 9.2p1
No auth needed
Prerequisites:
32-bit glibc-based Linux system · OpenSSH 9.2p1 with specific configuration · Network access to the target SSH service
nomisec
WORKING POC
by HadesNull123 · poc
https://github.com/HadesNull123/CVE-2024-6387_Check
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific OpenSSH version (8.9p1)
nomisec
WORKING POC
by almogopp · poc
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
This repository provides a Bash script to mitigate CVE-2024-6387 in OpenSSH by either upgrading to a patched version or applying a temporary workaround. The script checks the installed OpenSSH version and offers remediation options.
Classification
Working Poc 90%
Target:
OpenSSH versions earlier than 4.4p1 and from 8.5p1 up to 9.8p1
Auth required
Prerequisites:
Root privileges to execute the script · Access to package manager for upgrades
nomisec
SCANNER
by s1d6point7bugcrowd · poc
https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH
The repository contains a detection script for CVE-2024-6387, a race condition in OpenSSH's signal handling that could lead to unauthenticated RCE. The script checks for vulnerable OpenSSH versions by analyzing the SSH banner response.
Classification
Scanner 90%
Target:
OpenSSH versions earlier than 4.4p1 (unless patched) and 8.5p1 to 9.8p1
No auth needed
Prerequisites:
Network access to the target SSH server · SSH service running on the target
nomisec
SCANNER
by jocker2410 · poc
https://github.com/jocker2410/CVE-2024-6387_poc
This repository contains a scanner for CVE-2024-6387, which checks for vulnerable OpenSSH versions by sending a minimal SSH protocol greeting and parsing the version string. It does not exploit the vulnerability but identifies potentially vulnerable systems.
Classification
Scanner 90%
Target:
OpenSSH (specific versions: 8.5p1 to 8.8p1, and versions prior to 4.4p1)
No auth needed
Prerequisites:
Network access to the target SSH port · A list of target IPs/ports in 'ip-addr.list'
nomisec
WORKING POC
by alex14324 · poc
https://github.com/alex14324/ssh_poc2024
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 9.2p1 (and potentially other versions)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base addresses for ASLR bypass
nomisec
WORKING POC
by DimaMend · poc
https://github.com/DimaMend/cve-2024-6387-poc
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit leverages a race condition to achieve remote code execution (RCE) as root by manipulating heap memory and timing.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (and other versions)
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Network access to the SSH port · Glibc-based Linux system
nomisec
SCANNER
by kubota · poc
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
This Rust-based tool scans SSH servers for CVE-2024-6387 by checking server banners against known vulnerable and patched OpenSSH versions. It supports batch processing of targets from a file and customizable ports/timeouts.
Classification
Scanner 95%
Target:
OpenSSH (versions 1-9.7, excluding specific patched versions)
No auth needed
Prerequisites:
Network access to target SSH servers · OpenSSH server running a vulnerable version
nomisec
WORKING POC
by dgourillon · poc
https://github.com/dgourillon/mitigate-CVE-2024-6387
This repository contains mitigation scripts for CVE-2024-6387, a vulnerability in OpenSSH. The scripts automate the process of setting LoginGraceTime to 0 in the SSHD configuration and applying this fix across multiple Google Cloud projects and instances.
Classification
Working Poc 90%
Target:
OpenSSH (version not specified)
Auth required
Prerequisites:
Access to the target system with sufficient privileges to modify SSHD configuration · Google Cloud SDK configured with appropriate permissions for the organization
nomisec
SCANNER
by mrmtwoj · poc
https://github.com/mrmtwoj/CVE-2024-6387
This repository contains a Python-based scanner for CVE-2024-6387 (regreSSHion), which checks OpenSSH versions on remote servers to determine vulnerability status. It does not exploit the vulnerability but identifies potentially vulnerable systems.
Classification
Scanner 95%
Target:
OpenSSH (versions 8.5 to 9.8)
No auth needed
Prerequisites:
Network access to target SSH servers · SSH service running on target
nomisec
SCANNER
by vkaushik-chef · poc
https://github.com/vkaushik-chef/regreSSHion
This repository contains a Chef InSpec profile for detecting the regreSSHion vulnerability (CVE-2024-6387) in OpenSSH. It is a compliance scanning tool rather than an exploit, designed to check for the presence of the vulnerability in target systems.
Classification
Scanner 90%
Target:
OpenSSH (versions affected by CVE-2024-6387)
Auth required
Prerequisites:
Access to the target system with sufficient permissions to run Chef InSpec scans
nomisec
SCANNER
by imv7 · poc
https://github.com/imv7/CVE-2024-6387
This repository contains a Python-based scanner for detecting CVE-2024-6387, a vulnerability in OpenSSH. The script checks for vulnerable versions by analyzing SSH banners and includes a grace time check to detect LoginGraceTime mitigations.
Classification
Scanner 95%
Target:
OpenSSH versions 1-9.7 (excluding patched versions)
No auth needed
Prerequisites:
Network access to target SSH ports · SSH service running on target
nomisec
SCANNER
by invaderslabs · poc
https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
This repository contains a bash script to check if an OpenSSH installation is vulnerable to CVE-2024-6387 (regreSSHion). The script identifies vulnerable versions by parsing version strings from sshd binaries.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5 to 9.7
No auth needed
Prerequisites:
Access to the target system's sshd binary
nomisec
WORKING POC
by 4lxprime · poc
https://github.com/4lxprime/regreSSHive
This is a rewritten exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It aims to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (and potentially other versions)
No auth needed
Prerequisites:
Target must be running a vulnerable version of OpenSSH on a glibc-based Linux system · Network access to the SSH port (typically 22)
nomisec
SCANNER
by sms2056 · poc
https://github.com/sms2056/CVE-2024-6387
This repository contains a Python-based scanner for CVE-2024-6387, which checks SSH banners to identify vulnerable OpenSSH versions. It supports multi-threading, CIDR ranges, and IP ranges for efficient scanning.
Classification
Scanner 95%
Target:
OpenSSH versions 8.5p1 to 9.7p1 (excluding specific patched versions)
No auth needed
Prerequisites:
Network access to target SSH port (default 22) · OpenSSH service running on target
nomisec
WORKING POC
by t3rry327 · poc
https://github.com/t3rry327/cve-2024-6387-poc
This is a working PoC for CVE-2024-6387, exploiting a signal handler race condition in OpenSSH's sshd on glibc-based Linux systems. The exploit targets async-signal-unsafe functions in the SIGALRM handler to achieve remote code execution as root.
Classification
Working Poc 90%
Target:
OpenSSH 8.5p1 to 9.8p1
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system
nomisec
SCANNER
by CognisysGroup · poc
https://github.com/CognisysGroup/CVE-2024-6387-Checker
This repository contains a Python-based scanner for detecting vulnerable OpenSSH versions affected by CVE-2024-6387. It checks SSH banners to identify hosts running vulnerable versions (8.5-8.9, 9.0-9.8) and supports various input formats including single IPs, CIDR ranges, and CSV files.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5-8.9 and 9.0-9.8
No auth needed
Prerequisites:
Network access to target SSH ports · Python environment with required libraries (paramiko, netaddr, pandas, termcolor)
nomisec
SCANNER
by edsonjt81 · poc
https://github.com/edsonjt81/CVE-2024-6387_Check
This repository contains a Python-based scanner for detecting servers vulnerable to CVE-2024-6387 (regreSSHion) by checking SSH banners for specific OpenSSH versions. It supports multi-threading for efficient scanning of multiple targets.
Classification
Scanner 100%
Target:
OpenSSH (various versions)
No auth needed
Prerequisites:
Network access to target SSH ports · List of target IPs, domains, or CIDR ranges
nomisec
SCANNER
by RickGeex · poc
https://github.com/RickGeex/CVE-2024-6387-Checker
The repository contains a scanner for CVE-2024-6387 (regreSSHion) that checks for vulnerable OpenSSH versions by analyzing SSH banners. It includes a checker script and a partial PoC for exploitation.
Classification
Scanner 95%
Target:
OpenSSH versions 8.5 to 9.7 (excluding specific patched versions)
No auth needed
Prerequisites:
Network access to the target SSH port (default: 22) · Target running a vulnerable OpenSSH version
nomisec
WORKING POC
by dawnl3ss · poc
https://github.com/dawnl3ss/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit leverages a race condition to achieve remote code execution as root.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Network access to the target system
nomisec
WORKING POC
by particle99 · poc
https://github.com/particle99/CVE-2024-6387-POC
The repository contains a functional Python exploit for CVE-2024-6387, targeting a race condition in OpenSSH's signal handler to achieve remote code execution (RCE). The exploit uses multi-threading and timing adjustments to increase the likelihood of successful exploitation.
Classification
Working Poc 90%
Target:
OpenSSH (version affected by CVE-2024-6387)
No auth needed
Prerequisites:
Network access to target SSH server · Python 3.x environment
nomisec
WORKING POC
by hssmo · poc
https://github.com/hssmo/cve-2024-6387_AImade
This Python script attempts to exploit CVE-2024-6387, a race condition in OpenSSH's SIGALRM handler, by sending numerous crafted SSH packets to trigger remote code execution. The script uses threading to simulate concurrent connections and timing adjustments to exploit the vulnerability.
Classification
Working Poc 70%
Target:
OpenSSH 8.5p1 to 9.8p1
No auth needed
Prerequisites:
Network access to target SSH server · Vulnerable OpenSSH version on glibc-based Linux system
nomisec
SCANNER
by zenzue · poc
https://github.com/zenzue/CVE-2024-6387-Mitigation
This repository contains a Python script to scan for OpenSSH servers vulnerable to CVE-2024-6387 by checking SSH banners. It also includes a mitigation guide for the vulnerability.
Classification
Scanner 90%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Network access to target SSH ports · SSH service running on target
nomisec
WRITEUP
by daniel-odrinski · poc
https://github.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-Playbook
This repository provides an Ansible playbook to mitigate CVE-2024-6387 (regreSSHion RCE) by applying configuration changes to OpenSSH servers. It follows Red Hat's mitigation advice to prevent RCE while noting that DoS risks remain.
Classification
Writeup 100%
Target:
OpenSSH Server (affected versions)
Auth required
Prerequisites:
Ansible access to target servers · Sufficient permissions to modify SSH configurations
nomisec
SCANNER
by CiderAndWhisky · poc
https://github.com/CiderAndWhisky/regression-scanner
This is a scanner for detecting vulnerable OpenSSH versions affected by CVE-2024-6387, CVE-2006-5051, and CVE-2008-4109. It checks SSH banners and compares versions against known vulnerable ranges.
Classification
Scanner 100%
Target:
OpenSSH versions < 4.4, 8.5 to 9.7
No auth needed
Prerequisites:
Network access to target SSH ports
nomisec
SCANNER
by Mufti22 · poc
https://github.com/Mufti22/CVE-2024-6387-checkher
This is a scanner for CVE-2024-6387 that checks for vulnerable OpenSSH versions by analyzing SSH banners. It supports multi-threading and can scan multiple targets, including CIDR ranges and file-based IP lists.
Classification
Scanner 100%
Target:
OpenSSH versions 8.5p1 to 9.7p1
No auth needed
Prerequisites:
Network access to target SSH ports · OpenSSH service running on target
nomisec
WORKING POC
by jack0we · poc
https://github.com/jack0we/CVE-2024-6387
This is a working PoC exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution (RCE) as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 9.2p1 (and potentially other versions)
No auth needed
Prerequisites:
Network access to the target SSH server · Target running a vulnerable version of OpenSSH on a glibc-based Linux system
nomisec
WORKING POC
by FerasAlrimali · poc
https://github.com/FerasAlrimali/CVE-2024-6387-POC
This is a proof-of-concept exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The exploit attempts to achieve remote code execution as root by manipulating heap layout and timing parameters.
Classification
Working Poc 90%
Target:
OpenSSH server (sshd) 8.9p1 and earlier
No auth needed
Prerequisites:
Target system running vulnerable OpenSSH version · Network access to the SSH port · Glibc-based Linux system
nomisec
WORKING POC
by shyrwall · poc
https://github.com/shyrwall/cve-2024-6387-poc
This is a working PoC exploit for CVE-2024-6387 (regreSSHion), targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. It attempts to achieve remote code execution as root by exploiting async-signal-unsafe functions in the SIGALRM handler.
Classification
Working Poc 90%
Target:
OpenSSH 8.9p1 (Ubuntu-3ubuntu0.1)
No auth needed
Prerequisites:
Network access to vulnerable OpenSSH server · Glibc-based Linux system · Specific glibc base address