High-Severity OpenSSH Vulnerability in FreeBSD Addressed with Urgent Patch
August 12, 2024
The FreeBSD Project has issued an urgent patch for a high-severity vulnerability in its OpenSSH implementation. The flaw, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0 and could allow an unauthenticated remote attacker to execute arbitrary code as root.
An advisory issued last week detailed the vulnerability: "A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges."
OpenSSH is an implementation of the secure shell (SSH) protocol suite. It provides encrypted and authenticated transport for a range of services, including remote shell access. CVE-2024-7589 belongs to the same class of bug as regreSSHion (CVE-2024-6387), the signal-handler race condition in sshd(8) disclosed early last month.
The project maintainers explained the source of the faulty code: "The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root."
FreeBSD users are strongly encouraged to update to a supported FreeBSD version carrying the fix and restart sshd(8). If updating sshd(8) is not immediately possible, the race condition can be closed by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8): with a grace time of 0 the authentication timeout never fires, so the affected signal handler is never invoked. The trade-off is that clients can then hold pre-authentication connections open indefinitely, leaving the daemon susceptible to denial of service, but the remote code execution path is removed.
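The mechanism the advisory describes (a SIGALRM handler for the login grace timeout doing work that is not async-signal-safe) and the reason the LoginGraceTime 0 workaround helps are easier to see side by side in code. The following is an added example written for this page, not sshd's or blacklistd's code: the function and handler names are invented, the timer values are constructed, and the "pre-authentication wait" is a stand-in loop rather than the real daemon logic.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/time.h>
#include <time.h>
#include <unistd.h>

/* Constructed illustration of the bug class behind CVE-2024-7589 (and regreSSHion):
 * a SIGALRM handler, fired when the login grace period expires, that does work
 * which is not async-signal-safe. This is not sshd's code; all names are made up. */

static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE pattern (shown only, never installed below): syslog() and exit() may take
 * locks, call malloc()/free() and flush stdio. If SIGALRM lands while the interrupted
 * code is inside one of those, the handler re-enters non-reentrant state. That is
 * the race an attacker tries to hit by stalling authentication until the timeout. */
void unsafe_grace_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Timeout before authentication");   /* not async-signal-safe */
    exit(1);                                              /* runs atexit/stdio flush */
}

/* SAFE pattern: the handler only records the event in a sig_atomic_t; logging and
 * teardown happen later in ordinary (non-signal) context. */
void safe_grace_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Install the safe handler and arm a one-shot real-time timer of grace_ms.
 * grace_ms == 0 mirrors "LoginGraceTime 0": the timer is disarmed and the
 * handler can never run, which is why that setting removes the race (at the cost
 * that stalled clients are never timed out). Returns 0 on success, -1 on error. */
int arm_login_grace(long grace_ms)
{
    struct sigaction sa;
    struct itimerval it;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;

    grace_expired = 0;
    memset(&it, 0, sizeof it);               /* an it_value of zero disarms the timer */
    it.it_value.tv_sec = grace_ms / 1000;
    it.it_value.tv_usec = (grace_ms % 1000) * 1000;
    return setitimer(ITIMER_REAL, &it, NULL);
}

/* Stand-in for the pre-authentication wait loop. Polls the flag every 10 ms for up
 * to max_wait_ms. Returns 1 if the grace period expired (client should be dropped),
 * 0 if the caller should keep waiting for authentication. */
int wait_for_auth(long max_wait_ms)
{
    struct timespec tick = { 0, 10 * 1000 * 1000 };   /* 10 ms */
    long waited;

    for (waited = 0; waited < max_wait_ms; waited += 10) {
        if (grace_expired) {
            /* Ordinary context: logging with syslog()/stdio is legitimate here. */
            fprintf(stderr, "grace period expired, dropping unauthenticated client\n");
            return 1;
        }
        nanosleep(&tick, NULL);              /* EINTR on SIGALRM just re-checks the flag */
    }
    return 0;
}

int main(void)
{
    arm_login_grace(50);                              /* 50 ms grace period */
    printf("timed out: %d\n", wait_for_auth(2000));   /* 1: handler ran, flag seen */
    arm_login_grace(0);                               /* LoginGraceTime 0: no timer */
    printf("timed out: %d\n", wait_for_auth(200));    /* 0: handler never invoked */
    return 0;
}
```

The first run shows the safe shape of the fix: the only thing the handler touches is a `sig_atomic_t`, and the log line is written from the main loop. The second run is the workaround from the advisory in miniature: with a zero grace period the timer is never armed, so whatever the handler does can never race the interrupted code, and the connection simply sits there until the client goes away, which is the denial-of-service trade-off the text describes.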