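Related vulnerability
Title:
OpenSSH resource management error vulnerability
(CVE-2023-25136)
Description: OpenSSH (OpenBSD Secure Shell) is a set of connection tools from the OpenBSD project in Canada for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic, which effectively prevents eavesdropping, connection hijacking and other network-level attacks. OpenSSH has a resource management error vulnerability that stems from a double free introduced during the processing of options.kex_algorithms.
Description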
This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker.
Introduction
# OpenSSH Vulnerability Testing Tool for CVE-2023-25136
This repository provides a **Proof of Concept (PoC)** for testing the **CVE-2023-25136** vulnerability in OpenSSH versions 9.0 and 9.1. The vulnerability allows for potential security risks and this tool helps identify if a server is running a vulnerable version of OpenSSH.
The tool checks the version of OpenSSH running on the server and alerts if it is affected by this vulnerability.
## Features
- Checks for OpenSSH versions **9.0** and **9.1** which may be vulnerable to **CVE-2023-25136**.
- Easy-to-use command-line interface to test one or multiple SSH servers.
- Option to check using a proxy server.
- Provides a detailed report with vulnerability warnings for the affected versions.
- Supports checking a list of servers from a file.
## How It Works
The tool attempts to establish an SSH connection to the target server and retrieves the OpenSSH version using the `ssh -V` command. It then compares the version to known vulnerable versions (9.0 and 9.1) and alerts the user if the server is affected by **CVE-2023-25136**.
### Testing Targets
The tool checks for OpenSSH versions on the following targets:
- **Single target**: Check one server by IP address.
- **Multiple targets**: Provide a list of servers from a text file to check multiple targets.
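The version comparison described under How It Works, as an added example (not the repository's own `cve-2023-25136.py`): it parses constructed version strings offline, in both `ssh -V` and SSH identification-string form, and flags the 9.0 and 9.1 releases this README lists. The names `parse_openssh_version`, `classify` and `report` are hypothetical.

```python
import re

# Versions this README treats as affected by CVE-2023-25136.
FLAGGED = {(9, 0), (9, 1)}

# Matches "OpenSSH_9.1p1" inside `ssh -V` output or inside an SSH
# identification string such as "SSH-2.0-OpenSSH_9.1p1 Debian-2".
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(text):
    """Return (major, minor), or None if text does not name OpenSSH."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    # Compare integers, not string prefixes: "9.10" must not match "9.1".
    return int(m.group(1)), int(m.group(2))


def classify(text):
    """Return 'flagged', 'not-flagged' or 'unknown' for one version string."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"
    return "flagged" if version in FLAGGED else "not-flagged"


def report(lines):
    """Map each non-empty input line to its classification."""
    return {ln.strip(): classify(ln) for ln in lines if ln.strip()}


# Constructed sample inputs (not captured from real hosts).
SAMPLES = [
    "OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022",
    "SSH-2.0-OpenSSH_9.0",
    "SSH-2.0-OpenSSH_9.10p1",  # hypothetical release, guards prefix matching
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "SSH-2.0-OpenSSH_9.2p1 Debian-2",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for text, verdict in report(SAMPLES).items():
        print(f"{verdict:12} {text}")
```

A version string alone does not confirm exposure, because distributions backport fixes without changing the upstream version number; treat a "flagged" result as a prompt to check the package's patch level.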
## Getting Started
### Prerequisites
- **Python 3.x** installed on your system.
- **Paramiko** library to establish SSH connections.
## Installation
Clone this repository:
``` bash
git clone https://github.com/mrmtwoj/CVE-2023-25136.git
cd CVE-2023-25136
```
## Usage
To use the tool, provide the target IP address you want to test using the `-target` flag:
``` bash
python3 cve-2023-25136.py -target <target-ip>
```
For example:
``` bash
python3 cve-2023-25136.py -target 192.168.1.100
```
File snapshot
[4.0K] /data/pocs/695efb2e43ca0e56a3262aa080747c369284790d
├── [2.8K] cve-2023-25136.py
└── [1.8K] README.md
0 directories, 2 files