Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-7589

Good to know:

icon

Date: August 10, 2024

A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.

Language: C

Severity Score

Related Resources (6)

https://nvd.nist.gov/vuln/detail/CVE-2024-7589
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc
https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc
https://www.cve.org/CVERecord?id=CVE-2006-5051
https://www.cve.org/CVERecord?id=CVE-2024-6387
https://www.mend.io/vulnerability-database/CVE-2024-7589

Severity Score

Weakness Type (CWE)

Code Injection

CWE-94

Race Conditions

CWE-362

Signal Handler Race Condition

CWE-364

Top Fix

icon

Upgrade Version

Upgrade to version 2739a6845031e69be7c03461a9335d8bbb9f59bd

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us