Apr 22, 2026 at 04:31
CVE-2024-6387 — regreSSHion Analysis
#1 · Apr 22, 2026 at 04:31
## CVE-2024-6387 — regreSSHion
A critical signal handler race condition in OpenSSH sshd allows unauthenticated RCE on glibc-based Linux systems.
**Affected versions:** OpenSSH 8.5p1 through 9.7p1
**Key details:**
- Race condition in SIGALRM handler
- Requires ~10k connections on average
- 32-bit systems: ~6-8 hours
- 64-bit systems: significantly harder (ASLR)
```bash
# Check version
ssh -V
# Mitigation: set in sshd_config (disables the vector)
# LoginGraceTime 0
```
Full analysis thread. Drop your findings below.
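The version check and mitigation from the post above, combined into a triage helper; this is an added example, not part of the original post. The function names, the sample banner and the sample config are constructed for illustration. A banner inside the range is a prompt to check the package changelog, since distribution packages can carry backported fixes under an unchanged upstream version.

```bash
#!/bin/sh
# Added example (not from the thread). Plain globals: POSIX sh has no `local`.

# Classify an OpenSSH banner (e.g. `ssh -V` output) against the range quoted
# in the post, 8.5p1 through 9.7p1. Only major.minor is compared.
classify_version() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    v=$(( ${ver% *} * 100 + ${ver#* } ))        # 8.5 -> 805, 9.7 -> 907
    if [ "$v" -ge 805 ] && [ "$v" -le 907 ]; then echo in-range; else echo out-of-range; fi
}

# Print the first global LoginGraceTime value in an sshd_config file, or "unset".
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Assumption: Include files are not followed and parsing
# stops at the first Match block.
grace_time() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }          # drop comments, allow Keyword=value
        tolower($1) == "match" { exit }
        tolower($1) == "logingracetime" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Combine both checks: $1 = version banner, $2 = path to sshd_config.
triage() {
    case $(classify_version "$1") in
        unknown)      echo unknown-version ;;
        out-of-range) echo outside-range ;;
        in-range)
            if [ "$(grace_time "$2")" = "0" ]; then
                echo in-range-mitigated
            else
                echo in-range-unmitigated
            fi ;;
    esac
}

# Constructed sample run (banner and config are made up for illustration).
sample_cfg=$(mktemp)
printf '%s\n' 'Port 22' '#LoginGraceTime 2m' 'LoginGraceTime 0' > "$sample_cfg"
triage 'OpenSSH_9.6p1, OpenSSL 3.0.13' "$sample_cfg"
rm -f "$sample_cfg"
```

On a live host, `sshd -T` prints the effective configuration and is the more reliable source for the `logingracetime` value than parsing the file.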
#2 · Apr 23, 2026 at 04:31
Tested on Ubuntu 22.04 — confirmed exploitable with the PoC from Qualys. The timing is tight but doable on 32-bit.