FreeBSD Publishes Immediate Patch for Severe OpenSSH Vulnerability
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could exploit to remotely execute arbitrary code with elevated privileges.
The flaw, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.
“A signal handler in sshd(8) might trigger a logging function that is not async-signal-safe,” according to an advisory published last week.
“When a client fails to authenticate within the LoginGraceTime seconds (default set to 120), the signal handler is activated. This particular handler runs within the privileged code of sshd(8) that lacks sandboxing and is executed with complete root privileges.”
OpenSSH is an implementation of the secure shell (SSH) protocol suite, providing secure and authenticated communication for a variety of services, including remote shell access.
CVE-2024-7589 has been described as “another example” of a problem known as regreSSHion (CVE-2024-6387), which came to light early last month.
“The defective code in this scenario originates from the integration of blacklistd in OpenSSH within FreeBSD,” the project maintainers said.
“Due to the invocation of functions that are not async-signal-safe within the privileged context of sshd(8), there exists a race condition that a determined intruder can potentially exploit to allow remote code execution without authentication as root.”

FreeBSD users are strongly urged to update to a supported version and restart sshd to mitigate potential risks.
Where sshd(8) cannot be updated, the race condition can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). This change exposes the daemon to denial-of-service attacks, but it protects against remote code execution.
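
As an added example (not taken from the FreeBSD advisory or from this article), the following sh script checks whether a given sshd_config file actually sets LoginGraceTime to 0. The function names are hypothetical, and it assumes that Include directives are not used and that sshd keeps the first value it reads for a keyword.

```sh
#!/bin/sh
# Added example. Assumptions: Include directives are not followed, sshd keeps
# the first value it reads for a keyword, and an unset value means 120 seconds.

# Print the LoginGraceTime that config file $1 sets, in seconds.
grace_seconds() {
    awk '
    {
        sub(/^[ \t]+/, "")
        if ($0 == "" || $0 ~ /^#/) next      # blank line or comment
        sub(/[ \t]*=[ \t]*/, " ")            # tolerate "Keyword=value"
        if (tolower($1) != "logingracetime" || NF < 2) next
        v = tolower($2); total = 0
        # Time format: one or more <number>[s|m|h|d|w], for example 1h30m
        while (match(v, /^[0-9]+[smhdw]?/)) {
            tok = substr(v, 1, RLENGTH); v = substr(v, RLENGTH + 1)
            unit = substr(tok, length(tok)); mult = 1
            if (unit == "m") mult = 60
            else if (unit == "h") mult = 3600
            else if (unit == "d") mult = 86400
            else if (unit == "w") mult = 604800
            total += (tok + 0) * mult
        }
        found = 1
        if (v != "") { print "invalid" } else { print total }
        exit                                  # first occurrence wins
    }
    END { if (!found) print 120 }
    ' "$1"
}

# Succeed only when the workaround (no grace timer) is what sshd would read.
workaround_active() {
    [ "$(grace_seconds "$1")" = "0" ]
}

# Constructed sample: a commented-out line, the workaround, then a stale entry.
cfg=$(mktemp)
printf '%s\n' '#LoginGraceTime 2m' 'LoginGraceTime 0' 'LoginGraceTime 120' > "$cfg"
if workaround_active "$cfg"; then
    echo "LoginGraceTime 0 is in effect"
else
    echo "grace timer still armed: $(grace_seconds "$cfg")"
fi
rm -f "$cfg"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.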

