OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).

Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.

“This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms,” OpenSSH disclosed in its release notes on February 2, 2023.

Credited with reporting the flaw to OpenSSH in July 2022 is security researcher Mantas Mikulenas.

OpenSSH is the open source implementation of the secure shell (SSH) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture.

“The exposure occurs in the chunk of memory freed twice, the ‘options.kex_algorithms,’” Qualys researcher Saeed Abbasi said, adding the issue results in a “double free in the unprivileged sshd process.”

Double free flaws arise when a vulnerable piece of code calls the free() function, which is used to deallocate memory blocks, twice on the same block, leading to memory corruption, which, in turn, could lead to a crash or execution of arbitrary code.

“Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code,” MITRE notes in its description of the flaw.
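A simplified model of the double-free pattern described above, as an added example that is not OpenSSH's code and not part of the original article: the same field is released twice, first with a stale pointer left behind and then with the pointer cleared on release. The tracker, `struct server_options` and all function names are hypothetical; only the field name `kex_algorithms` comes from the quote above.

```c
#include <stdlib.h>
#include <string.h>
#define SLOTS 8
enum state { UNUSED, LIVE, RELEASED };
/* Hypothetical quarantine tracker: a released chunk is only marked here and
 * reaches free() in drain(), so a repeated release can be reported safely. */
static struct { void *p; enum state st; } slot[SLOTS];

static char *tracked_strdup(const char *s) {
    for (int i = 0; i < SLOTS; i++) {
        if (slot[i].st != UNUSED) continue;
        char *p = malloc(strlen(s) + 1);
        if (p != NULL) { strcpy(p, s); slot[i].p = p; slot[i].st = LIVE; }
        return p;
    }
    return NULL;                        /* tracker full */
}

/* 0 = valid release (or NULL no-op), -1 = chunk already released or unknown. */
static int tracked_free(void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < SLOTS; i++) {
        if (slot[i].st == UNUSED || slot[i].p != p) continue;
        if (slot[i].st == RELEASED) return -1;   /* second free of same chunk */
        slot[i].st = RELEASED;
        return 0;
    }
    return -1;
}

static void drain(void) {               /* the one real free() per chunk */
    for (int i = 0; i < SLOTS; i++)
        if (slot[i].st != UNUSED) { free(slot[i].p); slot[i].st = UNUSED; }
}

struct server_options { char *kex_algorithms; };   /* constructed stand-in */
/* Releases the field twice and returns the second result (-1 = double free).
 * clear_after_free selects the hardened pattern: NULL the pointer on release. */
int second_release(int clear_after_free) {
    struct server_options o = { tracked_strdup("constructed-kex-list") };
    if (o.kex_algorithms == NULL) return -2;       /* allocation failed */
    tracked_free(o.kex_algorithms);
    if (clear_after_free) o.kex_algorithms = NULL;
    int rc = tracked_free(o.kex_algorithms);
    drain();
    return rc;
}

int main(void) { return !(second_release(0) == -1 && second_release(1) == 0); }
```

Outside a model like this, building with AddressSanitizer (`-fsanitize=address`) reports the stale-pointer case as an attempted double free at the second call.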

“While the double-free vulnerability in OpenSSH version 9.1 may raise concerns, it is essential to note that exploiting this issue is no simple task,” Abbasi explained.

“This is due to the protective measures put in place by modern memory allocators and the robust privilege separation and sandboxing implemented in the impacted sshd process.”

Users are recommended to update to OpenSSH 9.2 to mitigate potential security threats.
