Cyber security news for all


    FreeBSD Issues Critical Patch for High-Severity OpenSSH Vulnerability

    The FreeBSD Project maintainers have released essential security updates to fix a high-severity vulnerability in OpenSSH, which could allow attackers to execute arbitrary code remotely with elevated privileges.

    Identified as CVE-2024-7589, this vulnerability has a CVSS score of 7.4 out of 10, reflecting its high severity.

    “A signal handler in sshd(8) may call a logging function that is not async-signal-safe,” according to an advisory released last week.

    The signal handler is triggered when a client fails to authenticate within the LoginGraceTime (set to 120 seconds by default). This handler operates within sshd(8)’s privileged code context, which is not sandboxed and runs with full root privileges.

    OpenSSH, an implementation of the secure shell (SSH) protocol suite, provides encrypted and authenticated transport for services like remote shell access.

    CVE-2024-7589 is noted as “another instance” of the issue identified as regreSSHion (CVE-2024-6387), which was revealed early last month.

    “The faulty code here stems from the integration of blacklistd in OpenSSH on FreeBSD,” the project maintainers explained.

    “Due to the invocation of non-async-signal-safe functions in the privileged sshd(8) context, a race condition exists, which a determined attacker could exploit to enable unauthenticated remote code execution as root.”

    FreeBSD users are strongly urged to update to a supported version and restart sshd to mitigate this threat.

    If updating sshd(8) is not possible, the race condition can be addressed by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). While this adjustment exposes the daemon to denial-of-service attacks, it prevents remote code execution.
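    A quick way to verify the workaround on a host, as an added example that is not part of the article or the FreeBSD advisory: a POSIX sh/awk check that reports the LoginGraceTime value sshd(8) would apply from a given sshd_config (first matching keyword wins, keywords are case-insensitive, unset means the 120-second default) and whether it is 0. It assumes the file contains no Include directives; the path /etc/ssh/sshd_config is the one named in the article.

```shell
#!/bin/sh
# Check whether the CVE-2024-7589 workaround (LoginGraceTime 0) is present
# in an sshd_config. sshd(8) parsing rules applied here: lines whose first
# non-blank character is '#' are comments, the first occurrence of a keyword
# wins, keywords are case-insensitive, and "Keyword=value" is accepted.
# Assumption: the file has no Include directives (sshd -T resolves those).
# LoginGraceTime is not permitted inside Match blocks, so none are handled.

# Print the effective LoginGraceTime from the config file given as $1.
effective_login_grace_time() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        $0 == "" || $0 ~ /^#/ { next }                # skip blanks/comments
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)           # "Key=val" -> "Key val"
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "logingracetime") {
                print f[2]; found = 1; exit          # first match wins
            }
        }
        END { if (!found) print 120 }                 # sshd default
    ' "$1"
}

# Exit 0 if the workaround (grace time disabled) is configured in $1.
is_mitigated() {
    case "$(effective_login_grace_time "$1")" in
        0|0s|0m|0h) return 0 ;;                       # zero with optional unit
        *)          return 1 ;;
    esac
}

# Stand-alone usage: ./check_grace.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    cfg=$1
    printf 'Effective LoginGraceTime in %s: %s\n' "$cfg" \
        "$(effective_login_grace_time "$cfg")"
    if is_mitigated "$cfg"; then
        echo "workaround in place (remember to restart sshd after changes)"
    else
        echo "NOT mitigated: patch sshd(8) or set LoginGraceTime 0"
    fi
fi
```

    On a live host, `sshd -T | grep -i logingracetime` prints the value the running binary computes with Include files resolved, which is the authoritative check.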
