Metrics
Affected Vendors & Products
Fri, 16 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
ssvc
|
Fri, 16 Aug 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 13 Aug 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-362 | |
CPEs | cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:* |
Mon, 12 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Freebsd
Freebsd freebsd |
|
Weaknesses | CWE-364 | |
CPEs | cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Freebsd
Freebsd freebsd |
|
Metrics |
cvssV3_1
|
Sun, 11 Aug 2024 03:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root. | |
Title | OpenSSH pre-authentication async signal safety issue | |
References |
|
Status: PUBLISHED
Assigner: freebsd
Published: 2024-08-11T03:15:52.181Z
Updated: 2024-08-16T17:02:48.552Z
Reserved: 2024-08-07T13:25:09.753Z
Link: CVE-2024-7589
Updated: 2024-08-16T17:02:48.552Z
Status : Modified
Published: 2024-08-12T13:38:44.203
Modified: 2024-11-21T09:51:46.310
Link: CVE-2024-7589