CVE-2024-7589

{"id": "CVE-2024-7589", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-08-12T13:38:44.203", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc", "tags": ["Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051", "tags": ["Not Applicable"], "source": "secteam@freebsd.org"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387", "tags": ["Third Party Advisory"], "source": "secteam@freebsd.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-364"}]}], "descriptions": [{"lang": "en", "value": "A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.\n\nThis issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.\n\nAs a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root."}, {"lang": "es", "value": "Un manejador de se\u00f1ales en sshd(8) puede llamar a una funci\u00f3n de registro que no es segura para se\u00f1ales as\u00edncronas. El controlador de se\u00f1ales se invoca cuando un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada). Este controlador de se\u00f1ales se ejecuta en el contexto del c\u00f3digo privilegiado de sshd(8), que no est\u00e1 protegido y se ejecuta con privilegios de root completos. Este problema es otro ejemplo del problema en CVE-2024-6387 solucionado por FreeBSD-SA-24:04.openssh. El c\u00f3digo defectuoso en este caso proviene de la integraci\u00f3n de blacklistd en OpenSSH en FreeBSD. Como resultado de llamar a funciones que no son seguras para se\u00f1ales as\u00edncronas en el contexto privilegiado sshd(8), existe una condici\u00f3n de ejecuci\u00f3n que un atacante determinado puede aprovechar para permitir la ejecuci\u00f3n remota de c\u00f3digo no autenticado como root."}], "lastModified": "2024-08-13T16:58:08.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18A4E85D-70A5-4382-AAB7-4A531615613D", "versionEndExcluding": "13.0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEC367A5-24D1-414E-BC77-07968E787D01", "versionEndExcluding": "13.3", "versionStartIncluding": "13.1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABEA48EC-24EA-4106-9465-CE66B938635F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8C769C-A23E-4F61-AC42-4DA64421B096"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B0589E-2E7D-4516-A8A0-88F30038EAB0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A72B5A-2189-4700-8E8B-1E5E7CA86C40"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5771F187-281B-4680-B562-EFC7441A8F88"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A4437F5-9DDA-4769-974E-23BFA085E0DB"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C3A3D4-C9F4-41EB-B532-821AF83470B1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878A1F0A-087F-47D7-9CA5-A54BB8D6676A"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50A5E650-31FB-45BE-8827-641B58A83E45"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038E5B85-7F60-4D71-8D3F-EDBF6E036CE0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF309824-D379-4749-A1FA-BCB2987DD671"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA813990-8C8F-4EE8-9F2B-9F73C510A7B2"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4DFA201-27D5-4C01-B90F-E24778943C3B"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}