Critical OpenSSH Vulnerability in FreeBSD Let’s Attackers Gain Root Access Remotely


A critical security vulnerability has been discovered in OpenSSH implementations on FreeBSD systems, potentially allowing attackers to execute remote code without authentication. The vulnerability, identified as CVE-2024-7589, affects all supported versions of FreeBSD.

The issue stems from a signal handler in the SSH daemon (sshd) that may call logging functions that are not async-signal-safe. This signal handler is triggered when a client fails to authenticate within the default 120-second LoginGraceTime period.

EHA

The signal handler, which is supposed to manage such timeouts, inadvertently calls a logging function that is not safe to execute in an asynchronous signal context. This issue, linked to the integration of the blacklistd service in FreeBSD, creates a race condition that attackers can exploit to execute arbitrary code remotely.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

Critically, the vulnerable code executes in sshd’s privileged context with full root access, creating a race condition that determined attackers could potentially exploit for unauthenticated remote code execution as root.

FreeBSD has released patches to address this vulnerability in the following versions:

  • 14.1-RELEASE-p3
  • 14.0-RELEASE-p9
  • 13.3-RELEASE-p5

System administrators are strongly advised to update their FreeBSD systems immediately. For those unable to update immediately, a temporary mitigation involves setting LoginGraceTime to 0 in the sshd configuration file. However, this workaround may leave systems vulnerable to denial-of-service attacks.

The vulnerability poses a significant risk as it allows unauthenticated remote code execution, potentially leading to full system compromise. Attackers exploiting this flaw can gain root access, install backdoors, exfiltrate data, or deploy malware.

The vulnerability is particularly concerning because it operates in the privileged context of sshd, which is not sandboxed and runs with full root privileges.

This vulnerability is similar to the recently disclosed CVE-2024-6387, which affected OpenSSH on Linux systems. However, the code responsible for CVE-2024-7589 is specific to FreeBSD’s integration of blacklistd in OpenSSH.

The discovery of this vulnerability highlights the ongoing importance of security audits and prompt patching, especially for critical infrastructure components like SSH servers. FreeBSD users should prioritize applying the available security updates to protect their systems from potential exploitation.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download



Source link