8.1
HIGH
CVE-2024-7589
FreeBSD OpenSSH Signal Handler Privilege Escalation
Description

A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.

INFO

Published Date :

Aug. 12, 2024, 1:38 p.m.

Last Modified :

Nov. 21, 2024, 9:51 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.2
Affected Products

The following products are affected by CVE-2024-7589 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Freebsd freebsd
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-7589.

URL Resource
https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2006-5051 Not Applicable
https://www.cve.org/CVERecord?id=CVE-2024-6387 Third Party Advisory
https://security.netapp.com/advisory/ntap-20240816-0002/

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-7589 vulnerability anywhere in the article.

  • Cybersecurity News
Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for un ... Read more

Published Date: Sep 24, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8)

A recently disclosed security advisory has unveiled a critical vulnerability affecting FreeBSD’s bhyve hypervisor. Identified as CVE-2024-41721, this flaw carries a CVSS score of 9.8, reflecting its h ... Read more

Published Date: Sep 23, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
CVE-2024-43491 (CVSS 9.8): Critical Windows 0-Day Flaw Uncovered, Urgent Patching Required

Microsoft has disclosed a critical zero-day vulnerability in its Windows operating system, identified as CVE-2024-43491. The vulnerability, with a severity score of 9.8 (out of 10), resides within the ... Read more

Published Date: Sep 11, 2024 (3 months, 1 week ago)
  • Cybersecurity News
FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score ... Read more

Published Date: Sep 10, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Warning: CVE-2024-20469 in Cisco ISE with PoC Code Puts Networks at Risk

A vulnerability, tracked as CVE-2024-20469, has been discovered in Cisco Identity Services Engine (ISE). With a CVSS score of 6.0, this vulnerability allows authenticated, local attackers to elevate p ... Read more

Published Date: Sep 05, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Minecraft Server Hit with Record-Breaking 3.15 Billion Packet Rate DDoS Attack

Carpet Bomb attacks aim to flood traffic to all IPs within a subnet on a victim network, with the goal to bypass per destination attack detection | Image: Global Secure LayerGlobal Secure Layer (GSL), ... Read more

Published Date: Aug 31, 2024 (3 months, 3 weeks ago)
  • TheCyberThrone
Ivanti fixes Vulnerabilities in its ITSM Product

Ivanti has released patches for two vulnerabilities in its Neurons for IT Service Management (ITSM) platform, with potential risks ranging from unauthorized information disclosure to full system compr ... Read more

Published Date: Aug 14, 2024 (4 months, 1 week ago)
  • TheCyberThrone
CISA adds Microsoft Patch Tuesday bugs to its Catalog

The US CISA adds 6 Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog that is released as part of patch Tuesday, August 2024.CVE-2024-38189 – Microsoft Project Remote Code Execut ... Read more

Published Date: Aug 14, 2024 (4 months, 1 week ago)
  • TheCyberThrone
Microsoft Patch Tuesday-August 2024

Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate.This includes updates for vulnerabilities in Microsoft O ... Read more

Published Date: Aug 14, 2024 (4 months, 1 week ago)
  • Cybersecurity News
Golddigger and Gigabud Android Banking Trojans: Same Cybercriminal, New Tricks

Icons used by Gigabud malware | Image: CRILA recent investigation by Cyble Intelligence and Research Labs (CRIL) has unveiled a significant connection between two prominent Android banking trojans: Go ... Read more

Published Date: Aug 14, 2024 (4 months, 1 week ago)
  • TheCyberThrone
PostgreSQL TOCTOU Vulnerability CVE-2024-7348

PostgreSQL has released a security advisory, related to a vulnerability that exposes users to the risk of arbitrary SQL execution during pg_dump operations, potentially allowing attackers to execute h ... Read more

Published Date: Aug 13, 2024 (4 months, 1 week ago)
  • TheCyberThrone
Windows CLFS bug leads to a DoS condition CVE-2024-6768

Researchers from Fortra come with a warning of a vulnerability in all versions of Windows 10 and 11 that can cause system instability and a denial of service.The vulnerability tracked as CVE-2024-6768 ... Read more

Published Date: Aug 13, 2024 (4 months, 1 week ago)
  • TheCyberThrone
FreeBSD Project fixes Critical Vulnerability CVE-2024-7589

The FreeBSD Project disclosed a critical vulnerability in OpenSSH, could allow a determined attacker to execute arbitrary code remotely with root privileges, potentially compromising the entire system ... Read more

Published Date: Aug 12, 2024 (4 months, 1 week ago)
  • The Cyber Express
Critical OpenSSH Vulnerability in FreeBSD Allows Remote Root Access

A newly discovered OpenSSH vulnerability in FreeBSD systems has been reported. This critical flaw, identified as CVE-2024-7589, could allow attackers to execute remote code with root privileges withou ... Read more

Published Date: Aug 12, 2024 (4 months, 1 week ago)
  • The Hacker News
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

Cybersecurity / Network Security The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute ar ... Read more

Published Date: Aug 12, 2024 (4 months, 1 week ago)
  • Cyber Security News
Critical OpenSSH Vulnerability in FreeBSD Let’s Attackers Gain Root Access Remotely

A critical security vulnerability has been discovered in OpenSSH implementations on FreeBSD systems, potentially allowing attackers to execute remote code without authentication. The vulnerability, id ... Read more

Published Date: Aug 12, 2024 (4 months, 1 week ago)
  • Cybersecurity News
CVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes Systems to RCE

Please enable JavaScriptIn a recent security advisory, the FreeBSD Project disclosed a critical vulnerability (CVE-2024-7589) in OpenSSH, the widely-used implementation of the SSH protocol suite. This ... Read more

Published Date: Aug 12, 2024 (4 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2024-7589 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20240816-0002/
  • Initial Analysis by [email protected]

    Aug. 13, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc No Types Assigned https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc Vendor Advisory
    Changed Reference Type https://www.cve.org/CVERecord?id=CVE-2006-5051 No Types Assigned https://www.cve.org/CVERecord?id=CVE-2006-5051 Not Applicable
    Changed Reference Type https://www.cve.org/CVERecord?id=CVE-2024-6387 No Types Assigned https://www.cve.org/CVERecord?id=CVE-2024-6387 Third Party Advisory
    Added CWE NIST CWE-362
    Added CPE Configuration OR *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions up to (excluding) 13.0 *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.3 *cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 12, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-364
    Added CVSS V3.1 CISA-ADP AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE Received by [email protected]

    Aug. 12, 2024

    Action Type Old Value New Value
    Added Description A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
    Added Reference FreeBSD https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc [No types assigned]
    Added Reference FreeBSD https://www.cve.org/CVERecord?id=CVE-2006-5051 [No types assigned]
    Added Reference FreeBSD https://www.cve.org/CVERecord?id=CVE-2024-6387 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-7589 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-7589 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability