rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

CVE-2024-6387 - Signal handler race condition in OpenSSH on glibc-based Linux systems. #19303

Open Admin9961 opened 3 months ago

Admin9961 commented 3 months ago

https://github.com/lflare/cve-2024-6387-poc

Affected versions of OpenSSH range from 8.5p1 to 9.8p1

Severity: critical.
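A defender's first question on this issue is which hosts in an inventory actually run a build in the affected range, and SSH identification banners are the cheapest signal. The following is an added example, not code from the issue or from the Metasploit project, that parses OpenSSH banners and triages them against the range reported above. It treats 8.5p1 as the first affected release; the issue gives 9.8p1 as the upper end, and 9.8p1 is the release that carries the fix, so the example treats that version and later as outside the range. The sample banners are constructed, and the vendor-backport flag is a heuristic of this example: distributions ship patched builds under an older upstream version string, so a bare version comparison can only say "check further", not "vulnerable".

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Range as reported in the issue; 9.8p1 is the fixed release, so it is the
# exclusive upper bound (assumption of this example: a missing "pN" means p1).
FIRST_AFFECTED: Version = (8, 5, 1)
FIXED_IN: Version = (9, 8, 1)

# SSH-2.0-OpenSSH_<major>.<minor>[p<patch>][ <vendor string>]
BANNER_RE = re.compile(
    r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:\s+(.*))?$"
)


def parse_banner(banner: str) -> Optional[Tuple[Version, str]]:
    """Return ((major, minor, patch), vendor_suffix) for an OpenSSH banner.

    Returns None for anything that is not an OpenSSH 2.0 identification line.
    """
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch, vendor = m.groups()
    version = (int(major), int(minor), int(patch) if patch else 1)
    return version, (vendor or "").strip()


def in_affected_range(version: Version) -> bool:
    """True when the upstream version falls inside [8.5p1, 9.8p1)."""
    return FIRST_AFFECTED <= version < FIXED_IN


def triage_banner(banner: str) -> str:
    """Classify one banner for follow-up.

    A vendor suffix (e.g. a Debian/Ubuntu package revision) means the build may
    carry a backported fix, so the verdict is downgraded to "verify".
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-openssh"
    version, vendor = parsed
    if not in_affected_range(version):
        return "outside-affected-range"
    if vendor:
        return "in-affected-range-verify-vendor-backport"
    return "in-affected-range"


def triage_inventory(lines) -> Dict[str, str]:
    """Map 'host<TAB>banner' lines to a verdict per host."""
    verdicts: Dict[str, str] = {}
    for line in lines:
        host, _, banner = line.partition("\t")
        verdicts[host] = triage_banner(banner)
    return verdicts


# Constructed sample inventory (hostnames and banners are not real hosts).
SAMPLE_INVENTORY = [
    "bastion-1\tSSH-2.0-OpenSSH_8.4p1",
    "build-2\tSSH-2.0-OpenSSH_8.5p1",
    "web-3\tSSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4",
    "jump-4\tSSH-2.0-OpenSSH_9.8p1",
    "router-5\tSSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {verdict}")
```

Hosts flagged as "verify-vendor-backport" need the package changelog or the distribution's advisory checked rather than the upstream version string; a verdict of "in-affected-range" on a self-built OpenSSH is the one that can be acted on from the banner alone.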

sfewer-r7 commented 3 months ago

Please note, Qualys (the original finders of the vuln) posted a message (https://seclists.org/oss-sec/2024/q3/19) debunking the 7etsuo-regreSSHion.c exploit as not being a real exploit.

Many people have asked us about an alleged proof of concept named "7etsuo-regreSSHion.c": it is not a proof of concept, it is essentially empty code (it might even be dangerous to compile and execute, we have not checked). It is not just the shellcode that is missing, everything else is missing too: the key-exchange code does nothing, the public-key code does nothing useful, etc etc.

It looks great but it does nothing. A working proof of concept for this vulnerability will be much longer and complex, and will take much more time to write than this.

Additionally, Unit42 tested the same 'exploit' and could not get it working (https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/)

A public PoC for CVE 2024-6387 was committed to the repository of GitHub user zgzhang by user 7etsuo on July 1, 2024. We have been unable to successfully exploit the CVE-2024-6387 vulnerability with this PoC to achieve remote code execution in our testing environment.

Adding coverage for CVE-2024-6387 would be great, but it appears the current public PoC is a red herring.

Admin9961 commented 3 months ago

Thank you for the feedback man <3 I did not check for that.