FreeBSD Issues an Emergency Fix for Severe OpenSSH Security Flaw

0
64
FreeBSD Issues an Emergency Fix for Severe OpenSSH Security Flaw
FreeBSD Issues an Emergency Fix for Severe OpenSSH Security Flaw

The maintainers of the FreeBSD Project have released security updates to address a high-severity vulnerability in OpenSSH that could potentially grant attackers the ability to remotely execute arbitrary code with elevated privileges.

Security fixes have been made available by the FreeBSD Project maintainers to fix a high-severity vulnerability in OpenSSH that might allow attackers to remotely execute arbitrary code with elevated privileges.

The vulnerability, identified as CVE-2024-7589, has a high severity CVSS score of 7.4 out of a possible 10.0.

An advisory published last week stated that “a signal handler in sshd(8) may call a logging function that is not async-signal-safe.”

When a client fails to authenticate within the LoginGraceTime seconds (120 by default), the signal handler is called. This signal handler operates behind the privileged code of sshd(8), which is not sandboxed and has full root rights.”

The secure shell (SSH) protocol suite is implemented by OpenSSH, which offers encrypted and authenticated transport for a range of services, including remote shell access.

CVE-2024-7589 is characterized as “another instance” of the regreSSHion issue (CVE-2024-6387), which was discovered early in the month.

The project maintainers stated, “The faulty code in this case is from the integration of blacklists in OpenSSH in FreeBSD.”

“As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.”

Users of FreeBSD are strongly advised to update to a supported version and restart sshd to mitigate potential threats. In cases where sshd(8) cannot be updated, the race condition issue can be resolved by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and restarting sshd(8). While this change makes the daemon vulnerable to a denial-of-service, it safeguards it against remote code execution.

Also readAt Jar, we’ve leveraged cutting-edge technology to enhance our platform’s efficiency and user-friendliness, says Nishchay Ag, Co-founder and CEO of Jar

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.