Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7589

A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.

Published

2024-08-12T13:38:44.203

Last Modified

2024-11-21T09:51:46.310

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
CWE-362
Type: Secondary
CWE-364

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	< 13.0	Yes
Operating System	freebsd	freebsd	< 13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.1	Yes
Operating System	freebsd	freebsd	14.1	Yes

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc Vendor Advisory ([email protected])
https://www.cve.org/CVERecord?id=CVE-2006-5051 Not Applicable ([email protected])
https://www.cve.org/CVERecord?id=CVE-2024-6387 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240816-0002/ (af854a3a-2127-422b-91ae-364da2661108)