PT-2024-5969 · OpenSSH+1
Published: 2024-08-07 · Updated: 2026-01-01
CVE-2024-7589
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to the fixed version
Description
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within LoginGraceTime seconds (120 by default). This signal handler executes in the context of sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. Because functions that are not async-signal-safe are called in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to achieve unauthenticated remote code execution as root. The estimated number of potentially affected devices worldwide is over 1 million.
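The bug class described above, as an added illustration in C that is not OpenSSH or FreeBSD source and not the actual patch: a timer handler that logs directly, next to one restricted to async-signal-safe operations. All function names are hypothetical, and `raise(SIGALRM)` is a constructed stand-in for the grace timer firing.

```c
/* Added example (hypothetical names): grace-timer SIGALRM handling. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <syslog.h>
#include <unistd.h>

static volatile sig_atomic_t grace_expired;

/* UNSAFE, shown for contrast and never installed: syslog() is not
 * async-signal-safe (it may allocate and take locks). If the signal
 * interrupts the main flow inside the allocator, heap state can break. */
void unsafe_grace_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "timeout before authentication");
    _exit(1);
}

/* SAFE: set a sig_atomic_t flag and use write(2), both permitted in a
 * handler; errno is preserved and formatted logging is deferred. */
static void safe_grace_handler(int sig)
{
    static const char msg[] = "grace timer expired\n";
    int saved_errno = errno;
    (void)sig;
    grace_expired = 1;
    if (write(STDERR_FILENO, msg, sizeof msg - 1) < 0) { /* best effort */ }
    errno = saved_errno;
}

/* Installs the safe handler, simulates expiry, then logs outside the
 * handler. Returns 1 when expiry was seen, 0 if not, -1 on error. */
int run_grace_timer(void)
{
    struct sigaction sa = {0};
    sa.sa_handler = safe_grace_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    grace_expired = 0;
    raise(SIGALRM); /* constructed stand-in for the timer firing */
    if (!grace_expired)
        return 0;
    syslog(LOG_INFO, "timeout before authentication");
    return 1;
}

int main(void) { return run_grace_timer() == 1 ? 0 : 1; }
```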
Recommendations
Update OpenSSH to the latest version to fix the vulnerability.
As a temporary workaround, consider setting LoginGraceTime to 0 to mitigate the risk of exploitation.
Restart sshd after updating to ensure the changes take effect.
At the moment, there is no information about other versions that contain a fix for this vulnerability.
Fix
RCE
Race Condition
Affected Products
FreeBSD
OpenSSH