
OpenSSH Vulnerability in FreeBSD Enables Remote Root Access


A critical OpenSSH vulnerability in FreeBSD systems has recently come to light, raising concerns about potential remote code execution with root privileges without the need for authentication. This flaw, identified as CVE-2024-7589, affects all supported versions of FreeBSD, prompting swift action to secure affected systems.

The vulnerability stems from a signal handler in FreeBSD's SSH daemon (sshd) that calls logging functions that are not async-signal-safe. When a client fails to authenticate within the LoginGraceTime period (120 seconds by default), the handler is triggered and calls those logging functions, creating a race condition that attackers can exploit for remote code execution.

Specifically, the flawed code is in the integration of the blacklistd service into FreeBSD’s OpenSSH implementation, and it runs inside the sshd process with full root privileges. This amplifies the risk associated with the vulnerability, enabling attackers to gain unauthenticated remote access and execute code as the root user.

In response to this critical OpenSSH vulnerability, FreeBSD has issued security advisories and patches to address the issue across multiple versions of the operating system. Patch updates were released for Stable/13 and Stable/14 on August 6, 2024, and for Releng/13.3, Releng/14.0, and Releng/14.1 on August 7, 2024, available in both binary and source code formats.

Users can opt for binary patching with the freebsd-update utility on platforms like amd64, arm64, or i386, or choose source code updates, which involve fetching, verifying, and applying the relevant patches before recompiling the operating system. Detailed instructions are provided in the FreeBSD security advisory, along with guidance on verifying applied patches and commit hashes.

For those unable to apply immediate patches, a workaround involves setting LoginGraceTime to 0 in the /etc/ssh/sshd_config file and restarting the sshd service to mitigate the risk of remote code execution. However, this adjustment may expose systems to denial-of-service attacks due to potential connection exhaustion.

Given the severe nature of CVE-2024-7589, system administrators are strongly urged to implement available updates promptly to prevent unauthorized access, data exfiltration, or malware installation. This vulnerability poses a significant risk of system compromise due to unauthenticated remote code execution in a privileged context.

While similar to CVE-2024-6387 affecting OpenSSH on Linux systems, CVE-2024-7589 is specific to FreeBSD’s implementation, particularly its integration with blacklistd. This distinction underscores the importance of tailored security measures across different operating systems and configurations to ensure comprehensive protection against potential threats.
