August 12, 2024Ravie LakshmananCybersecurity / Network Security

The maintainers of the FreeBSD project have released security updates to patch a high severity vulnerability in OpenSSH. Attackers could exploit this vulnerability to remotely execute arbitrary code with elevated privileges.

The vulnerability, followed as CVE-2024-7589has a CVSS score of 7.4 out of a maximum of 10.0, which indicates high severity.

“A signal handler in sshd(8) may call a logging function that is not async signal-safe,” according to an advisory released last week.

“The signal handler is called when a client fails to authenticate within the LoginGraceTime seconds (default 120). This signal handler is executed in the context of the privileged sshd(8) code, which is not sandboxed and runs with full root privileges.”

OpenSSH is an implementation of the Secure Shell (SSH) protocol suite and provides encrypted and authenticated transport for various services, including remote shell access.

CVE-2024-7589 is described as a “new example” of an issue known as regreSSHion (CVE-2024-6387), which was disclosed early last month.

“The bad code in this case stems from the integration of blacklistd into OpenSSH in FreeBSD,” the project maintainers said.

“As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker could exploit to allow unauthenticated remote code execution as root.”

FreeBSD users are strongly advised to update to a supported version and restart sshd to mitigate potential threats.

In cases where sshd(8) cannot be upgraded, the race condition problem can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). While this change makes the daemon vulnerable to a denial-of-service attack, it protects it from remote code execution.