CVE-2024-6387: Critical OpenSSH Vulnerability Allowing Root Access
Jul 1, 2024
Description
The Qualys Threat Research Unit (TRU) found a serious vulnerability in OpenSSH's server on glibc-based Linux systems. This unauthenticated Remote Code Execution (RCE) vulnerability can give attackers full root access and affects the default configuration without needing user interaction. It's a regression of a previously fixed issue (CVE-2006-5051) and was reintroduced in OpenSSH 8.5p1 in October 2020.
Affected OpenSSH Versions
Versions earlier than 4.4p1: OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they have been patched for CVE-2006-5051 and CVE-2008-4109.
Versions 4.4p1 to 8.4p1: Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.
Versions 8.5p1 to 9.7p1: The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
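The version ranges above, written as a classifier for SSH identification banners. This is an added example, not the detection script this article refers to; the function names, status labels and sample banners are constructed for illustration. A banner reports only the upstream version, so a server with a distribution-backported fix can still be labelled as potentially vulnerable.

```python
import re
from collections import Counter

# Version boundaries from the ranges listed above (major, minor).
FIXED_2006 = (4, 4)   # 4.4p1 carries the CVE-2006-5051 patch
REGRESSED = (8, 5)    # 8.5p1 reintroduced the race
FIRST_CLEAN = (9, 8)  # 9.8p1 is the first release outside the affected range

# Identification string, e.g. "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")

def classify_banner(banner):
    """Return a CVE-2024-6387 status label for one SSH banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"  # not OpenSSH, or the banner was altered
    version = (int(m.group(1)), int(m.group(2)))
    if version < FIXED_2006:
        # Affected unless patched for CVE-2006-5051 and CVE-2008-4109.
        return "vulnerable-unless-patched"
    if version < REGRESSED:
        return "not-vulnerable"
    if version < FIRST_CLEAN:
        # Distributions backport fixes without changing this version,
        # so confirm against the installed package before acting.
        return "potentially-vulnerable"
    return "not-vulnerable"

def summarize(banners):
    """Count status labels across a list of banners."""
    return Counter(classify_banner(b) for b in banners)

# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "SSH-2.0-OpenSSH_9.7p1",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-1.99-OpenSSH_3.9p1",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{classify_banner(b):27} {b}")
    print(dict(summarize(SAMPLE_BANNERS)))
```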
Detection
This script scans multiple IP addresses, domain names, and CIDR network ranges for servers running a potentially vulnerable version of OpenSSH, so you can quickly find the hosts in your infrastructure that need attention.
Save the code below as cve_2024-6387_check.py
Usage
Running script for individual IP address
Examples
Single IP
Running script for multiple IPs
Running script for multiple IPs and domains
Running script for CIDR range
Running script with custom port
What it will check
Rapid Scanning: Quickly scan multiple IP addresses, domain names, and CIDR ranges for the CVE-2024-6387 vulnerability.
Multi-threading: Uses threading for concurrent checks, significantly reducing scan times.
Banner Retrieval: Efficiently retrieves SSH banners without authentication.
Port Check: Identifies closed ports and provides a summary of non-responsive hosts.
Detailed Output: Provides clear, emoji-coded output summarizing scan results.
Scan Results
The script will provide a summary of the scanned targets:
Vulnerable: Servers running a vulnerable version of OpenSSH.
Not Vulnerable: Servers running a non-vulnerable version of OpenSSH.
Closed Ports: Total number of targets with port 22 (or specified port) closed.
Sample Output

Credit
Credits to Alexander Hagenah, Cybersecurity Leader, for rapidly developing the detection script for the CVE-2024-6387 vulnerability. With over two decades of experience in cybersecurity, he has evolved from an ethical hacker to an international cybersecurity strategist.