CVE-2024-7589

EPSS 17.41%
Published 12.08.2024 13:38:44
Last modified 21.11.2024 09:51:46
Source secteam@freebsd.org
Teams watchlist Login
Open Login

A signal handler in sshd(8) may call a logging function that is not async-signal-safe.  The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default).  This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.

This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh.  The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.

As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.

Affected products Warnungen 0 Metrics 3 CWE 2 References 7

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version < 13.0

Freebsd ≫ Freebsd Version >= 13.1 < 13.3

Freebsd ≫ Freebsd Version13.3 Updatep1

Freebsd ≫ Freebsd Version13.3 Updatep2

Freebsd ≫ Freebsd Version13.3 Updatep3

Freebsd ≫ Freebsd Version13.3 Updatep4

Freebsd ≫ Freebsd Version14.0 Updatebeta5

Freebsd ≫ Freebsd Version14.0 Updatep1

Freebsd ≫ Freebsd Version14.0 Updatep2

Freebsd ≫ Freebsd Version14.0 Updatep3

Freebsd ≫ Freebsd Version14.0 Updatep4

Freebsd ≫ Freebsd Version14.0 Updatep5

Freebsd ≫ Freebsd Version14.0 Updatep6

Freebsd ≫ Freebsd Version14.0 Updatep7

Freebsd ≫ Freebsd Version14.0 Updatep8

Freebsd ≫ Freebsd Version14.0 Updaterc3

Freebsd ≫ Freebsd Version14.0 Updaterc4-p1

Freebsd ≫ Freebsd Version14.1 Updatep1

Freebsd ≫ Freebsd Version14.1 Updatep2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	17.41%	0.948

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-364 Signal Handler Race Condition

The product uses a signal handler that introduces a race condition.

https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2006-5051

Not Applicable

https://www.cve.org/CVERecord?id=CVE-2024-6387

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240816-0002/

https://nvd.nist.gov/vuln/detail/CVE-2024-7589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7589

EUVD