FreeBSD Rolls Out Immediate Fix for Severe OpenSSH Vulnerability
The maintainers of the FreeBSD Project have released security updates to address a severe flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges.
The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.
“A signal handler in sshd(8) might trigger a logging function that is not async-signal-safe,” according to an advisory published last week.
“The signal handler is invoked when a client fails to authenticate within the default LoginGraceTime seconds (120 by default). This signal handler runs in the context of the sshd(8)’s privileged code, which operates without restrictions and has complete root privileges.”
OpenSSH is an implementation of the secure shell (SSH) protocol suite, providing encrypted and authenticated transport for a range of services, such as remote shell access.
CVE-2024-7589 has been described as “another instance” of a problem known as regreSSHion (CVE-2024-6387), which came to light at the beginning of last month.
“In this scenario, the flawed code stems from the amalgamation of blacklistd in OpenSSH within FreeBSD,” the project maintainers said.
“Due to the invocation of functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a persistent attacker might be able to exploit to enable unauthenticated remote code execution as root.”

FreeBSD users are strongly urged to upgrade to a supported version and restart sshd to mitigate potential threats.
In situations where updating sshd(8) is not feasible, the race condition can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). Although this change exposes the daemon to a denial-of-service risk, it protects it against remote code execution.
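A check for whether the LoginGraceTime 0 workaround actually takes effect, as an added example that is not from the FreeBSD advisory or the original article: sshd uses the first value it reads for a keyword, so a line appended below an existing setting is ignored. The function names and both sample configurations are constructed for illustration, and Include files are not followed.

```python
import re

DEFAULT_GRACE = 120  # seconds; the default quoted in the advisory
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd_config time value ('120', '2m', '1h30m') to seconds."""
    if not value or not re.fullmatch(r"(?:\d+[smhdw])*\d*", value, re.I):
        raise ValueError(f"unparseable time value: {value!r}")
    pairs = re.findall(r"(\d+)([a-z]?)", value.lower())
    return sum(int(n) * UNITS[u] for n, u in pairs)

def effective_login_grace_time(config_text):
    """Return (seconds, line_no) for the global LoginGraceTime; line_no is
    None when no line sets it and the default applies."""
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":
            break                             # global section ends here
        if keyword == "logingracetime" and len(parts) == 2:
            # sshd keeps the first value it reads for a keyword
            return parse_time(parts[1].strip('"')), line_no
    return DEFAULT_GRACE, None

def is_mitigated(config_text):
    """True only when the effective value is 0 (grace timer disabled)."""
    return effective_login_grace_time(config_text)[0] == 0

# Constructed sample: the workaround was appended below an existing setting.
SAMPLE_APPENDED = """\
Port 22
#LoginGraceTime 0
LoginGraceTime 2m
LoginGraceTime 0
"""

# Constructed sample: the workaround is the first (and only) setting.
SAMPLE_FIXED = """\
LoginGraceTime=0
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    for name, text in (("appended", SAMPLE_APPENDED), ("fixed", SAMPLE_FIXED)):
        print(name, effective_login_grace_time(text), is_mitigated(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.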

