关联漏洞
标题:
OpenSSH 安全漏洞
(CVE-2024-6387)
描述:OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞,该漏洞源于信号处理程序中存在竞争条件,攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。
描述
CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.
介绍
# CVE-2024-6387 (regreSSHion) in OpenSSH
## Description
CVE-2024-6387, nicknamed "regreSSHion," is a critical vulnerability in OpenSSH that allows unauthenticated remote attackers to execute code with root privileges on vulnerable Linux systems. This vulnerability arises from a race condition in the signal handling of OpenSSH's server component (sshd) on glibc-based systems.
## Severity
High (CVSS Score: 8.1)
## Impact
Successful exploitation of this vulnerability can lead to:
* **Remote Code Execution:** Attackers can execute arbitrary code on the target system with the highest privileges (root).
* **System Compromise:** The compromised system can be used for further attacks or to gain access to sensitive data.
* **Denial of Service:** The attack may cause the OpenSSH server to crash, disrupting SSH services.
## Vulnerable Versions
OpenSSH versions 8.5p1 through 9.8p1 are vulnerable to CVE-2024-6387.
## Mitigation
1. **Update OpenSSH:** The most effective solution is to update OpenSSH to the latest version that includes the fix for this vulnerability.
2. **Disable Password Authentication:** If updating is not immediately possible, consider disabling password authentication and using SSH keys exclusively.
## Workarounds
There are no known workarounds for this vulnerability other than updating or disabling password authentication.
## Additional Resources
* **NVD:** https://nvd.nist.gov/vuln/detail/CVE-2024-6387
* **Qualys:** https://www.qualys.com/regresshion-cve-2024-6387/
* **Unit 42:** https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/
## Disclaimer
This information is provided as-is and may be updated as new information becomes available. It is recommended to consult official sources and security advisories for the latest information regarding CVE-2024-6387.
## Features
- Scans single IP addresses, hostnames, CIDR ranges, or lists from a file.
- Supports custom SSH port numbers.
- Adjustable connection timeout.
- Categorizes servers as SAFE, VULNERABLE, UNKNOWN, or ERROR.
- Colored output for easy identification of results.
## Usage
1. **Prerequisites:**
- Python 3
- `argparse` and `ipaddress` modules (usually included with Python)
2. **Save and Run:**
- Save the code below as `cve_2024_6387_check.py`.
- Execute from the command line:
```bash
python3 Checker.py [options] <addresses>
-f, --file: Path to a file containing a list of IP addresses or CIDR ranges.
-p, --ports: Comma-separated list of SSH port numbers (default is 22).
-t, --timeout: Connection timeout in seconds (default is 5.0).
文件快照
[4.0K] /data/pocs/943cc7a41ccf398556e294e81ce65ef42cbbc5b5
├── [5.4K] Checker.py
├── [3.0K] exploit.py
├── [1.0K] LICENSE
└── [2.6K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。