The FreeBSD Project has recently released security updates that patch a high-impact vulnerability in OpenSSH. The vulnerability, identified as CVE-2024-7589, carries a high severity rating, with a CVSS base score of 7.4 out of 10.
The problem stems from a signal handler in sshd(8) that could call a logging function not designed for async-signal safety. The handler is triggered when the client fails to authenticate within the allowed LoginGraceTime, which defaults to 120 seconds. This happens in the privileged, non-sandboxed code of sshd(8) running with full root access.
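To make the bug class concrete, here is an added example (my own illustration, not OpenSSH or FreeBSD code) of the two signal-handler shapes involved: a handler that logs from inside SIGALRM, which is the hazard described above, and the async-signal-safe form that only records a flag and leaves logging and teardown to the main loop. The function names `arm_login_grace` and `login_grace_expired` and the 1-second demo deadline are assumptions for illustration.

```c
/* Added example, not sshd(8) source: contrast an unsafe SIGALRM handler with
 * the async-signal-safe pattern. The grace timer mirrors LoginGraceTime. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Shared between the handler and normal code; sig_atomic_t is the only
 * object type the C standard guarantees is safe to write from a handler. */
static volatile sig_atomic_t grace_expired = 0;

/* UNSAFE pattern, shown for contrast and never installed here: syslog(3) may
 * allocate memory and take locks, so if SIGALRM arrives while the interrupted
 * code is itself inside malloc() or syslog(), this re-enters them from signal
 * context. That is undefined behaviour and the hazard the advisory describes. */
void unsafe_grace_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Timeout before authentication"); /* not async-signal-safe */
    _exit(255);
}

/* SAFE pattern: do nothing but record that the deadline passed. Storing to a
 * volatile sig_atomic_t is async-signal-safe; so would be write(2). */
static void safe_grace_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Install the safe handler and arm a one-shot deadline of `seconds`
 * (0 disarms, like LoginGraceTime 0). Returns 0 on success, -1 on error. */
int arm_login_grace(unsigned seconds)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;            /* no SA_RESTART: a blocked read() returns EINTR */
    if (sigaction(SIGALRM, &sa, NULL) == -1)
        return -1;
    grace_expired = 0;
    alarm(seconds);
    return 0;
}

/* Poll from normal (non-signal) context. Returns 1 once the deadline fired.
 * Logging happens here, where calling syslog() is perfectly safe. */
int login_grace_expired(void)
{
    if (!grace_expired)
        return 0;
    syslog(LOG_INFO, "Timeout before authentication (handled in main loop)");
    return 1;
}

int main(void)
{
    /* Stand-alone demo: arm a 1-second deadline and wait for it. */
    if (arm_login_grace(1) == -1)
        return 1;
    while (!login_grace_expired())
        pause();                /* returns once a signal has been delivered */
    printf("grace period expired, closing the unauthenticated connection\n");
    return 0;
}
```

The point of the safe form is that the handler itself never calls into code it cannot prove reentrant; whatever work the timeout requires is done after the signal, in ordinary program context.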
OpenSSH is a common implementation of the SSH protocol suite used to perform secure, encrypted communication of different services, including remote shell access.
This vulnerability is similar to a previously disclosed one referred to as “regreSSHion” (CVE-2024-6387). The current problem originates from the integration of blacklistd into OpenSSH on FreeBSD systems.
The vulnerability creates a race condition that could allow a remote attacker to bypass authentication and execute arbitrary code with root privileges.
To mitigate this risk, FreeBSD users are strongly encouraged to upgrade their systems to a supported version and restart the sshd service. If updating is not possible, a workaround is to set LoginGraceTime to 0 in the sshd configuration file (/etc/ssh/sshd_config) and restart the service, so that the timeout handler is never triggered. While this introduces a potential denial-of-service vulnerability, the workaround prevents remote code execution.
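As an added example (not FreeBSD's or OpenSSH's code), the following C program audits an sshd_config file for the workaround just described. It applies the sshd_config(5) rules that matter for such a check: keywords are case-insensitive, `#` lines and blank lines are ignored, the first occurrence of a keyword wins, global options end at the first `Match` block, and an absent keyword means the default of 120 seconds. The two sample configurations, the temp-file paths and the function names are constructed for illustration.

```c
/* Added example, not FreeBSD or OpenSSH code: report the effective global
 * LoginGraceTime of an sshd_config and whether the "0" workaround is in place. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define LOGIN_GRACE_DEFAULT 120L   /* sshd_config(5) default, in seconds */

/* Returns the effective LoginGraceTime in seconds (plain integer values only;
 * a unit suffix such as "2m" is not converted), LOGIN_GRACE_DEFAULT when the
 * keyword is absent, or -1 if the file cannot be opened. */
long effective_login_grace_time(const char *path)
{
    FILE *fp = fopen(path, "r");
    char line[1024];
    long result = LOGIN_GRACE_DEFAULT;

    if (fp == NULL)
        return -1;
    while (fgets(line, sizeof line, fp) != NULL) {
        char *p = line, *key, *val;
        while (isspace((unsigned char)*p))
            p++;
        if (*p == '\0' || *p == '#')
            continue;                         /* blank line or comment */
        key = strtok(p, " \t\r\n=");          /* "Key Value" or "Key=Value" */
        val = strtok(NULL, " \t\r\n");
        if (key == NULL)
            continue;
        if (strcasecmp(key, "Match") == 0)
            break;                            /* global section ends here */
        if (strcasecmp(key, "LoginGraceTime") == 0 && val != NULL) {
            result = strtol(val, NULL, 10);   /* first occurrence wins */
            break;
        }
    }
    fclose(fp);
    return result;
}

/* 1 if the workaround (LoginGraceTime 0) is effective for this file, else 0. */
int workaround_applied(const char *path)
{
    return effective_login_grace_time(path) == 0;
}

/* Constructed sample configs (not from any real host), written to temp files. */
static const char SAMPLE_VULNERABLE[] =
    "# constructed sample: the keyword appears only commented out\n"
    "Port 22\n"
    "#LoginGraceTime 0\n"
    "PermitRootLogin no\n"
    "Match User backup\n"
    "    X11Forwarding no\n";

static const char SAMPLE_MITIGATED[] =
    "# constructed sample: workaround in place; the later duplicate\n"
    "# is ignored because the first obtained value wins\n"
    "LoginGraceTime 0\n"
    "PermitRootLogin no\n"
    "LoginGraceTime 120\n";

/* Write `content` to a temp file from mkstemp template `tmpl` once; return path. */
static const char *write_sample(char *tmpl, const char *content, int *done)
{
    if (!*done) {
        int fd = mkstemp(tmpl);
        FILE *fp = fd == -1 ? NULL : fdopen(fd, "w");
        if (fp == NULL)
            return NULL;
        fputs(content, fp);
        fclose(fp);
        *done = 1;
    }
    return tmpl;
}

const char *vulnerable_sample(void)
{
    static char path[] = "/tmp/sshd_config_vuln.XXXXXX";
    static int done = 0;
    return write_sample(path, SAMPLE_VULNERABLE, &done);
}

const char *mitigated_sample(void)
{
    static char path[] = "/tmp/sshd_config_fixed.XXXXXX";
    static int done = 0;
    return write_sample(path, SAMPLE_MITIGATED, &done);
}

int main(int argc, char **argv)
{
    /* Audit both samples, then an optional real file given on the command line. */
    const char *paths[3] = { vulnerable_sample(), mitigated_sample(),
                             argc > 1 ? argv[1] : NULL };
    for (int i = 0; i < 3 && paths[i] != NULL; i++) {
        long t = effective_login_grace_time(paths[i]);
        if (t < 0) { perror(paths[i]); continue; }
        printf("%-36s LoginGraceTime=%-4ld workaround %s\n", paths[i], t,
               t == 0 ? "applied" : "NOT applied");
    }
    return 0;
}
```

On a live FreeBSD host the authoritative check is `sshd -T`, which prints the configuration sshd will actually use (including the `logingracetime` line, resolved with exactly these precedence rules); after editing the file, `service sshd restart` applies the change.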