The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges.
The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.
“A signal handler in sshd(8) may call a logging function that is not async-signal-safe,” according to an advisory released last week.
“The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)’s privileged code, which is not sandboxed and runs with full root privileges.”
OpenSSH is an implementation of the secure shell (SSH) protocol suite, providing encrypted and authenticated transport for a variety of services, including remote shell access.
CVE-2024-7589 has been described as “another instance” of a problem referred to as regreSSHion (CVE-2024-6387), which came to light early last month.
“The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD,” the project maintainers said.
“As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.”
Users of FreeBSD are strongly advised to update to a supported version and restart sshd to mitigate potential threats.
In cases where sshd(8) cannot be updated, the race condition issue can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). While this change makes the daemon vulnerable to a denial-of-service, it safeguards it against remote code execution.
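One way to confirm the workaround is actually set in a configuration file, as an added example that is not part of the advisory or of FreeBSD's tooling. The function names `login_grace_time` and `workaround_applied` are hypothetical, the sample config is constructed, and files pulled in through Include are not followed.

```shell
#!/bin/sh
# Added example: report the LoginGraceTime that a given sshd_config sets.
# Assumption: Include'd files are not read; on a live host, `sshd -T`
# prints the effective configuration and is the authoritative check.

# Print the first global LoginGraceTime value, or 120 (the default cited
# in the advisory) when the file does not set one.
login_grace_time() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)       # keyword, then arguments
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit            # global section ends here
            if (key == "logingracetime" && n >= 2) {
                val = f[2]                      # first value obtained wins
                exit
            }
        }
        END { print (val == "" ? "120" : val) }
    ' "$1"
}

# Exit status 0 only when the workaround value (0, no time limit) is set.
workaround_applied() {
    [ "$(login_grace_time "$1")" = "0" ]
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd_config (constructed sample)
Port 22
logingracetime 0   # workaround from the advisory
LoginGraceTime 2m
EOF
echo "LoginGraceTime: $(login_grace_time "$sample")"
if workaround_applied "$sample"; then
    echo "workaround in place (restart sshd for it to take effect)"
else
    echo "workaround NOT in place"
fi
rm -f "$sample"
```

A commented-out `#LoginGraceTime 0` line is reported as not mitigated, which is the case most worth catching when auditing many hosts.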