Netgate Discussion Forum

    sshd CVE-2024-6387 vulnerability

    General pfSense Questions
      JonathanLee @marcg

      @marcg I see it; I was searching for FreeBSD

      "This vulnerability is exploitable remotely on glibc-based Linux systems,
      where syslog() itself calls async-signal-unsafe functions (for example,
      malloc() and free()): an unauthenticated remote code execution as root,
      because it affects sshd's privileged code, which is not sandboxed and
      runs with full privileges. We have not investigated any other libc or
      operating system; but OpenBSD is notably not vulnerable, because its
      SIGALRM handler calls syslog_r(), an async-signal-safer version of
      syslog() that was invented by OpenBSD in 2001."

      Make sure to upvote

        stephenw10 Netgate Administrator

        Theoretically. See: https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
        Workaround patch incoming.

          marcg @stephenw10

          @stephenw10, thanks.

            JonathanLee @stephenw10

            @stephenw10

            Workaround

            If sshd(8) cannot be updated, this signal handler race condition can be
            mitigated by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and
            restarting sshd(8). This makes sshd(8) vulnerable to a denial of service
            (the exhaustion of all MaxStartups connections), but makes it safe from the
            remote code execution presented in this advisory.

            Is this the recommendation for older versions of pfSense currently?

            Make sure to upvote

              stephenw10 Netgate Administrator

              Yes, the patch will set that.
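
The workaround quoted earlier in the thread, as an added example that is not part of the original posts or of Netgate's patch: a shell check that reads an sshd_config-style file and reports whether the global LoginGraceTime is 0. The function names and sample configs are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not Netgate's patch): is the LoginGraceTime 0 workaround set?

# Print the global LoginGraceTime from an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, and lines after a
# Match keyword are conditional, so the scan stops there.
# Assumption: Include directives are not followed.
effective_login_grace_time() {
    awk '
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            n = split($0, f, /[ \t=]+/)         # keyword, then its argument
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit
            if (key == "logingracetime" && n >= 2) {
                gsub(/"/, "", f[2])
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "120" }         # OpenSSH default: 120 seconds
    ' "$1"
}

# Exit status 0 only when the effective value is exactly 0 (deliberately strict).
workaround_applied() {
    [ "$(effective_login_grace_time "$1")" = "0" ]
}

# Constructed sample configs, for demonstration only.
demo() {
    d=$(mktemp -d) || return 1
    printf '# LoginGraceTime 0\nPort 22\n' > "$d/commented"
    printf 'logingracetime 0\nLoginGraceTime 2m\n' > "$d/first_wins"
    printf 'LoginGraceTime 30\nLoginGraceTime 0\n' > "$d/shadowed"
    for f in commented first_wins shadowed; do
        if workaround_applied "$d/$f"; then s="applied"; else s="NOT applied"; fi
        echo "$f: LoginGraceTime=$(effective_login_grace_time "$d/$f") -> $s"
    done
    rm -rf "$d"
}
demo
```

On a running system, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for auditing config files offline.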

                slu @stephenw10

                And the patch is already there, good work Netgate!

                pfSense Gold subscription

                  stephenw10 Netgate Administrator

                  See: https://forum.netgate.com/topic/189010/netgate-security-advisory-cve-2024-6387

                    tedquade @stephenw10

                    @stephenw10 Will a fix for this be incorporated in the next 24.09-Development release?

                    Ted

                      stephenw10 Netgate Administrator

                      Yes, 24.08 will have an updated openssh version.

                        jos-andel @stephenw10

                        @stephenw10
                        How about the new CE 2.8.0? Is that alright as well?

                            stephenw10 Netgate Administrator

                            2.8.0 has the patched code: https://github.com/pfsense/FreeBSD-src/commit/2abea9df01655633aabbb9bf3204c90722001202

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.