
Com TW NOw News 2024

FreeBSD Releases Urgent Patch for High Severity OpenSSH Vulnerability

August 12, 2024 | Ravie Lakshmanan | Cybersecurity / Network Security

The maintainers of the FreeBSD project have released security updates to patch a high severity vulnerability in OpenSSH. Attackers could exploit this vulnerability to remotely execute arbitrary code with elevated privileges.

The vulnerability, tracked as CVE-2024-7589, has a CVSS score of 7.4 out of a maximum of 10.0, which indicates high severity.

“A signal handler in sshd(8) may call a logging function that is not async signal-safe,” according to an advisory released last week.


“The signal handler is called when a client fails to authenticate within the LoginGraceTime seconds (default 120). This signal handler is executed in the context of the privileged sshd(8) code, which is not sandboxed and runs with full root privileges.”

OpenSSH is an implementation of the Secure Shell (SSH) protocol suite and provides encrypted and authenticated transport for various services, including remote shell access.

CVE-2024-7589 is described as a “new example” of an issue known as regreSSHion (CVE-2024-6387), which was disclosed early last month.

“The bad code in this case stems from the integration of blacklistd into OpenSSH in FreeBSD,” the project maintainers said.

“As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker could exploit to allow unauthenticated remote code execution as root.”


FreeBSD users are strongly advised to update to a supported version and restart sshd to mitigate potential threats.

In cases where sshd(8) cannot be upgraded, the race condition problem can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). While this change makes the daemon vulnerable to a denial-of-service attack, it protects it from remote code execution.
