CVE-2024-7589
FreeBSD OpenSSH Signal Handler Privilege Escalation
Description
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
INFO
Published Date: Aug. 12, 2024, 1:38 p.m.
Last Modified: Nov. 21, 2024, 9:51 a.m.
Source: [email protected]
Remotely Exploitable: Yes
Impact Score: 5.9
Exploitability Score: 2.2
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-7589.
URL | Resource |
---|---|
https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc | Vendor Advisory |
https://www.cve.org/CVERecord?id=CVE-2006-5051 | Not Applicable |
https://www.cve.org/CVERecord?id=CVE-2024-6387 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240816-0002/ |
The following news articles mention the CVE-2024-7589 vulnerability somewhere in their text.
- Cybersecurity News
Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure
A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli. The vulnerability, which allows for un ...
- Cybersecurity News
FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8)
A recently disclosed security advisory has unveiled a critical vulnerability affecting FreeBSD’s bhyve hypervisor. Identified as CVE-2024-41721, this flaw carries a CVSS score of 9.8, reflecting its h ...
- Cybersecurity News
CVE-2024-43491 (CVSS 9.8): Critical Windows 0-Day Flaw Uncovered, Urgent Patching Required
Microsoft has disclosed a critical zero-day vulnerability in its Windows operating system, identified as CVE-2024-43491. The vulnerability, with a severity score of 9.8 (out of 10), resides within the ...
- Cybersecurity News
FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)
The FreeBSD Project has issued a security advisory warning of a critical vulnerability (CVE-2024-43102) affecting multiple versions of its operating system. This flaw, rated with a maximum CVSS score ...
- Cybersecurity News
Warning: CVE-2024-20469 in Cisco ISE with PoC Code Puts Networks at Risk
A vulnerability, tracked as CVE-2024-20469, has been discovered in Cisco Identity Services Engine (ISE). With a CVSS score of 6.0, this vulnerability allows authenticated, local attackers to elevate p ...
- Cybersecurity News
Minecraft Server Hit with Record-Breaking 3.15 Billion Packet Rate DDoS Attack
Global Secure Layer (GSL), ...
- TheCyberThrone
Ivanti fixes Vulnerabilities in its ITSM Product
Ivanti has released patches for two vulnerabilities in its Neurons for IT Service Management (ITSM) platform, with potential risks ranging from unauthorized information disclosure to full system compr ...
- TheCyberThrone
CISA adds Microsoft Patch Tuesday bugs to its Catalog
The US CISA adds 6 Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog that is released as part of patch Tuesday, August 2024. CVE-2024-38189 – Microsoft Project Remote Code Execut ...
- TheCyberThrone
Microsoft Patch Tuesday-August 2024
Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate. This includes updates for vulnerabilities in Microsoft O ...
- Cybersecurity News
Golddigger and Gigabud Android Banking Trojans: Same Cybercriminal, New Tricks
A recent investigation by Cyble Intelligence and Research Labs (CRIL) has unveiled a significant connection between two prominent Android banking trojans: Go ...
- TheCyberThrone
PostgreSQL TOCTOU Vulnerability CVE-2024-7348
PostgreSQL has released a security advisory, related to a vulnerability that exposes users to the risk of arbitrary SQL execution during pg_dump operations, potentially allowing attackers to execute h ...
- TheCyberThrone
Windows CLFS bug leads to a DoS condition CVE-2024-6768
Researchers from Fortra come with a warning of a vulnerability in all versions of Windows 10 and 11 that can cause system instability and a denial of service. The vulnerability tracked as CVE-2024-6768 ...
- TheCyberThrone
FreeBSD Project fixes Critical Vulnerability CVE-2024-7589
The FreeBSD Project disclosed a critical vulnerability in OpenSSH, could allow a determined attacker to execute arbitrary code remotely with root privileges, potentially compromising the entire system ...
- The Cyber Express
Critical OpenSSH Vulnerability in FreeBSD Allows Remote Root Access
A newly discovered OpenSSH vulnerability in FreeBSD systems has been reported. This critical flaw, identified as CVE-2024-7589, could allow attackers to execute remote code with root privileges withou ...
- The Hacker News
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute ar ...
- Cyber Security News
Critical OpenSSH Vulnerability in FreeBSD Let’s Attackers Gain Root Access Remotely
A critical security vulnerability has been discovered in OpenSSH implementations on FreeBSD systems, potentially allowing attackers to execute remote code without authentication. The vulnerability, id ...
- Cybersecurity News
CVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes Systems to RCE
In a recent security advisory, the FreeBSD Project disclosed a critical vulnerability (CVE-2024-7589) in OpenSSH, the widely-used implementation of the SSH protocol suite. This ...
The following table lists the changes that have been made to the CVE-2024-7589 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference | | https://security.netapp.com/advisory/ntap-20240816-0002/ |

- Initial Analysis by [email protected]
Aug. 13, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | CVSS V3.1 | | NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Changed | Reference Type | https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc No Types Assigned | https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc Vendor Advisory |
Changed | Reference Type | https://www.cve.org/CVERecord?id=CVE-2006-5051 No Types Assigned | https://www.cve.org/CVERecord?id=CVE-2006-5051 Not Applicable |
Changed | Reference Type | https://www.cve.org/CVERecord?id=CVE-2024-6387 No Types Assigned | https://www.cve.org/CVERecord?id=CVE-2024-6387 Third Party Advisory |
Added | CWE | | NIST CWE-362 |
Added | CPE Configuration | | OR *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions up to (excluding) 13.0 *cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.3 *cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:* |

- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Aug. 12, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | CWE | | CISA-ADP CWE-364 |
Added | CVSS V3.1 | | CISA-ADP AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

- CVE Received by [email protected]
Aug. 12, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Description | | A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root. |
Added | Reference | | FreeBSD https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc [No types assigned] |
Added | Reference | | FreeBSD https://www.cve.org/CVERecord?id=CVE-2006-5051 [No types assigned] |
Added | Reference | | FreeBSD https://www.cve.org/CVERecord?id=CVE-2024-6387 [No types assigned] |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-7589 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-7589 weaknesses.