High-Severity OpenSSH Vulnerability in FreeBSD Addressed with Urgent Patch

August 12, 2024

The FreeBSD Project has issued an urgent security update in response to a high-severity vulnerability in OpenSSH. Attackers could exploit the flaw to remotely execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a high CVSS score of 7.4 out of a maximum of 10.0.

An advisory issued last week detailed the vulnerability: "A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges."

OpenSSH is an implementation of the secure shell (SSH) protocol suite. It provides secure and authenticated transport for various services, including remote shell access. CVE-2024-7589 is another instance of a known issue called regreSSHion (CVE-2024-6387), which was identified early last month.

The project maintainers explained the source of the faulty code: "The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root."

FreeBSD users are strongly encouraged to update to a supported version and restart sshd to mitigate potential threats. If updating sshd(8) is not possible, the race condition can be addressed by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). Although this adjustment makes the daemon susceptible to a denial-of-service, it protects it against remote code execution.
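The workaround above can be audited from a copy of the configuration file. The following sh script is an added example, not code from the FreeBSD advisory or project: it reports whether the global LoginGraceTime in an sshd_config file is 0. The function names `grace_seconds` and `check_workaround` and the sample config are constructed for illustration, and Include directives are not followed.

```shell
# Added example. Assumptions: one config file, the first occurrence of a
# keyword wins as in sshd_config(5), default of 120 s as the advisory states.

# Print the global LoginGraceTime of config file $1 in seconds (-1 = unparseable).
grace_seconds() {
    awk '
    function to_seconds(v,    i, c, n, total) {
        total = 0; n = ""
        for (i = 1; i <= length(v); i++) {
            c = tolower(substr(v, i, 1))
            if (c ~ /[0-9]/) { n = n c; continue }
            if (!(c in unit) || n == "") return -1
            total += n * unit[c]; n = ""
        }
        if (n != "") total += n        # bare trailing number means seconds
        return total
    }
    BEGIN { unit["s"] = 1; unit["m"] = 60; unit["h"] = 3600
            unit["d"] = 86400; unit["w"] = 604800 }
    {
        sub(/#.*/, "")                 # drop comments, e.g. "#LoginGraceTime 2m"
        gsub(/[="]/, " ")              # accept Keyword=value and quoted values
        key = tolower($1)
        if (key == "match") exit       # global section ends at the first Match
        if (key == "logingracetime" && NF >= 2) {
            print to_seconds($2); found = 1; exit
        }
    }
    END { if (!found) print 120 }
    ' "$1"
}

# Classify the file against the workaround described above: 0 means no grace
# timer, so the timeout signal handler is never invoked.
check_workaround() {
    secs=$(grace_seconds "$1")
    case "$secs" in
        0)  echo "workaround-applied" ;;
        -1) echo "unparseable" ;;
        *)  echo "timer-active:${secs}s" ;;
    esac
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
printf '%s\n' '#LoginGraceTime 2m' 'Port 22' 'LoginGraceTime 0' > "$sample"
check_workaround "$sample"             # prints: workaround-applied
rm -f "$sample"
```

On a running host, `sshd -T` prints the effective configuration and is the authoritative check; the change only takes effect once sshd has been restarted.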
