CVE-2024-7589
Published: 12 August 2024
Summary
CVE-2024-7589 is a high-severity race condition (CWE-362) vulnerability in FreeBSD. Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 4.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A signal handler in the sshd(8) daemon on FreeBSD can invoke a logging function that is not async-signal-safe. The handler triggers when a client fails to authenticate within the LoginGraceTime window (120 seconds by default) and executes inside the privileged, unsandboxed sshd process running with full root privileges. The flaw stems from FreeBSD's integration of blacklistd into OpenSSH and is described as a distinct instance of the earlier issue tracked in CVE-2024-6387.
An unauthenticated remote attacker who can reach the SSH service may deliberately trigger the signal handler and attempt to exploit the resulting race condition. Successful exploitation yields remote code execution with root privileges on the target system. The attack requires precise timing and is rated high severity under CVSS 8.1.
FreeBSD advisory SA-24:08.openssh addresses the issue and is referenced alongside related OpenSSH CVEs and a NetApp security bulletin. System administrators are expected to apply the corresponding FreeBSD patch or update to eliminate the unsafe logging call from the signal handler.
EPSS for the vulnerability rose from a low baseline to a peak of 0.2196 (current value 0.1741), indicating that exploitation interest increased after disclosure. No reports of in-the-wild exploitation appear in the supplied references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48485
Vulnerability details
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.
Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.