CVE-2024-6387: Critical OpenSSH Vulnerability Allowing Root Access

Amartya Jha

• 01 July 2024

Problem

A major security vulnerability has been found in OpenSSH that can potentially lead to remote code execution as the root user on glibc-based Linux systems. It is being referred to as regreSSHion (CVE-2024-6387). The flaw is a signal handler race condition in sshd that affects versions 8.5p1 to 9.7p1, and it has been identified in 14 million instances.

Description

The Qualys Threat Research Unit (TRU) found a serious security flaw in OpenSSH's server on glibc-based Linux systems. This unauthenticated Remote Code Execution (RCE) vulnerability can give attackers full root access and affects the default configuration without needing user interaction. It's a regression of a previously fixed issue (CVE-2006-5051) and was reintroduced in OpenSSH 8.5p1 in October 2020.

Affected OpenSSH Versions

  • Versions Earlier than 4.4p1: OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they have been patched for CVE-2006-5051 and CVE-2008-4109.

  • Versions 4.4p1 to 8.4p1: Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.

  • Versions 8.5p1 to 9.7p1: The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.
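
The version ranges above can be applied to the identification banner that sshd sends on connect. The following is an added example, not the detection script credited on this page; the function names, result labels and sample banners are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the SSH identification string sent by sshd, e.g. "SSH-2.0-OpenSSH_9.6p1 ...".
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")

def parse_openssh_version(banner):
    """Return (major, minor) from an OpenSSH banner, or None if it is not one."""
    m = BANNER_RE.match(banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify_banner(banner):
    """Map a banner onto the three version ranges listed on this page."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"                    # not OpenSSH, or banner altered
    if version < (4, 4):
        # Affected unless patched for CVE-2006-5051 and CVE-2008-4109.
        return "vulnerable-unless-patched"
    if version < (8, 5):
        return "not-vulnerable"             # 4.4p1 up to, not including, 8.5p1
    if version < (9, 8):
        return "vulnerable"                 # 8.5p1 up to, not including, 9.8p1
    return "not-vulnerable"                 # 9.8p1 and later

def summarize(banners):
    """Count classifications across an inventory of banners."""
    return Counter(classify_banner(b) for b in banners)

# Constructed sample banners (hypothetical hosts, not real scan output).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 ExampleOS-1",
    "SSH-2.0-OpenSSH_8.5p1",
    "SSH-2.0-OpenSSH_8.4p1 ExampleOS-5",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-1.99-OpenSSH_4.3p2",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{classify_banner(banner):26} {banner}")
    print(dict(summarize(SAMPLE_BANNERS)))
```

A banner reports only the upstream version string, and distributions can backport a fix without changing it, so treat a "vulnerable" result as "in the affected range" and confirm against the installed package.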

Detection

This script enables rapid scanning of multiple IP addresses, domain names, and CIDR network ranges to detect potential vulnerabilities and ensure the security of your infrastructure.

Save the code below as CVE-2024-6387_Check.py.

Usage

Running script for individual IP address

Examples

Single IP

Running script for multiple IPs

Running script for multiple IPs and domains

Running script for CIDR range

Running script with custom port

What it will check

  • Rapid Scanning: Quickly scan multiple IP addresses, domain names, and CIDR ranges for the CVE-2024-6387 vulnerability.

  • Banner Retrieval: Efficiently retrieves SSH banners without authentication.

  • Multi-threading: Uses threading for concurrent checks, significantly reducing scan times.

  • Detailed Output: Provides clear, emoji-coded output summarizing scan results.

  • Port Check: Identifies closed ports and provides a summary of non-responsive hosts.

Scan Results

The script will provide a summary of the scanned targets:

🚨 Vulnerable: Servers running a vulnerable version of OpenSSH.

🛡️ Not Vulnerable: Servers running a non-vulnerable version of OpenSSH.

🔒 Closed Ports: Count of servers with port 22 (or specified port) closed.

📊 Total Scanned: Total number of targets scanned.

Sample Output

Credit

Credits to Alexander Hagenah, Cybersecurity Leader, for rapidly developing the detection script for the CVE-2024-6387 vulnerability. With over two decades of experience in cybersecurity, he has evolved from an ethical hacker to an international cybersecurity strategist.

https://primepage.de/
