VTA-00431 – OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability


OpenSSH has released version 9.2 to address security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). The vulnerability, tracked as CVE-2023-25136, is a pre-authentication double free that was introduced in version 9.1. It occurs when the ‘options.kex_algorithms’ chunk of memory is freed twice, leading to a double free in the unprivileged sshd process. This can result in memory corruption and, potentially, the execution of arbitrary code. However, OpenSSH notes that the vulnerability is not believed to be exploitable, because of protective measures such as modern memory allocators and sshd's robust privilege separation and sandboxing.

Severity:
Medium

Attack Surfaces:
Remote Access Service

Tactics:
Execution, Privilege Escalation

Techniques:
Exploitation for Client Execution, Exploitation for Privilege Escalation

Active Defense Tactics:
Disrupt

Active Defense Techniques:
Software Manipulation, Standard Operating Procedure

SuperPRO’s Threat Countermeasures Procedures:
Update OpenSSH to the latest patch (OpenSSH 9.2/9.2p1).
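
One way to find servers that still need this update, as an added example (not SuperPRO's or OpenSSH's own code): classify each server's SSH identification string against the version range stated above (introduced in 9.1, fixed in 9.2). The host names and banner strings are constructed sample data, and the function names are chosen for this example.

```python
import re

# Version range taken from the advisory text: introduced in 9.1, fixed in 9.2.
INTRODUCED = (9, 1)
FIXED = (9, 2)

# SSH identification string, e.g. "SSH-2.0-OpenSSH_9.1p1 Debian-2".
# The optional "pN" suffix marks the portable release; vendor text may follow.
_BANNER = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:p\d+)?(?:[ -].*)?$"
)


def classify_banner(banner: str) -> str:
    """Return 'affected', 'not-affected' or 'unknown' for one banner.

    'affected' means the upstream version is in range. Vendor packages can
    carry a backported fix without changing the version string, so treat it
    as a prompt to check the installed package, not as proof.
    """
    match = _BANNER.match(banner.strip())
    if not match:
        return "unknown"  # not OpenSSH, or a banner this pattern cannot parse
    version = (int(match.group(1)), int(match.group(2)))
    if INTRODUCED <= version < FIXED:
        return "affected"
    return "not-affected"


def audit(banners: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by classification, with hosts sorted for stable output."""
    report = {"affected": [], "not-affected": [], "unknown": []}
    for host, banner in sorted(banners.items()):
        report[classify_banner(banner)].append(host)
    return report


# Constructed sample inventory (host -> banner collected by an asset scan).
SAMPLE_BANNERS = {
    "bastion.example": "SSH-2.0-OpenSSH_9.1p1 Debian-2",
    "build.example": "SSH-2.0-OpenSSH_9.2p1",
    "legacy.example": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "router.example": "SSH-2.0-dropbear_2022.83",
    "bsd.example": "SSH-2.0-OpenSSH_9.1\r\n",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_BANNERS).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```
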

Contributed by:  Aman
