
The OpenSSH maintainers released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
This flaw, tracked as CVE-2023-25136, is a pre-authentication double-free vulnerability introduced in version 9.1.
“This is not believed to be exploitable and occurs in an unprivileged pre-authentication process that is subject to chroot(2) and is further sandboxed on most major platforms,” OpenSSH said in the 9.2 release notes, dated February 2, 2023.
Security researcher Mantas Mikulenas is credited with reporting the flaw to OpenSSH in July 2022.
OpenSSH is an open source implementation of the Secure Shell (SSH) protocol that provides a set of services for encrypted communication over insecure networks within a client-server architecture.
Qualys researcher Saeed Abbasi said that the “exposure occurs in ‘options.kex_algorithms’, a chunk of memory that is freed twice,” and that it is “freed twice in an unprivileged sshd process.”
A double-free vulnerability occurs when code calls free() (the function that returns a block of heap memory to the allocator) twice on the same pointer. The second call corrupts the allocator's bookkeeping, which can lead to a crash or, in the worst case, to arbitrary code execution.
“Double-freeing memory could result in a write-what-where condition that could allow an attacker to execute arbitrary code,” MITRE said in the flaw description.
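The ownership mistake that produces this kind of bug, as an added example that is not OpenSSH's code: a helper (here named compat_proposal_vulnerable, a hypothetical name) returns either its own input or a fresh allocation depending on a client quirk flag, so a caller that frees the result unconditionally ends up freeing the configured list a second time during cleanup whenever no quirk applied. The hardened variant (compat_proposal_fixed) always returns a buffer the caller owns; that is the general remedy of making ownership unambiguous, shown as an illustration rather than as the actual OpenSSH patch. The key-exchange list string, the quirk flag and the denylist entry are constructed inputs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Illustration (not OpenSSH code) of the ownership mistake behind a double
 * free: a helper that sometimes hands back its own input and sometimes a
 * fresh allocation.  "kex_list" stands in for options.kex_algorithms.
 */

/* Duplicate a string; the caller owns the result. */
static char *xdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d == NULL)
        abort();
    memcpy(d, s, n);
    return d;
}

/* Copy `list` without any comma-separated token equal to `deny`.
 * Always returns a new allocation the caller must free. */
static char *filter_denylist(const char *list, const char *deny)
{
    char *work = xdup(list);              /* strtok needs a writable copy */
    char *out = malloc(strlen(list) + 1);
    if (out == NULL)
        abort();
    out[0] = '\0';
    for (char *tok = strtok(work, ","); tok != NULL; tok = strtok(NULL, ",")) {
        if (strcmp(tok, deny) == 0)
            continue;
        if (out[0] != '\0')
            strcat(out, ",");
        strcat(out, tok);
    }
    free(work);
    return out;
}

/* VULNERABLE pattern: with no client quirk the input itself is returned, so
 * whether the caller owns the result depends on a flag it cannot see. */
static char *compat_proposal_vulnerable(const char *kex_list, int client_quirk)
{
    if (!client_quirk)
        return (char *)kex_list;          /* aliases the caller's buffer */
    return filter_denylist(kex_list, "curve25519-sha256@libssh.org");
}

/* FIXED pattern: the result is always a separate allocation owned by the
 * caller, and the input stays owned by whoever allocated it. */
static char *compat_proposal_fixed(const char *kex_list, int client_quirk)
{
    if (!client_quirk)
        return xdup(kex_list);
    return filter_denylist(kex_list, "curve25519-sha256@libssh.org");
}

/*
 * Model of the server: build the KEX proposal from the configured list, free
 * the proposal, then free the configured list during options cleanup.
 * Returns 1 if that last free() would be a double free.  The offending call is
 * skipped so the program keeps running instead of being aborted by the
 * allocator's double-free check.
 */
static int would_double_free(char *(*compat)(const char *, int), int client_quirk)
{
    char *options_kex = xdup("curve25519-sha256@libssh.org,ecdh-sha2-nistp256");
    char *proposal = compat(options_kex, client_quirk);
    int aliased = (proposal == options_kex);   /* decide before anything is freed */

    free(proposal);                            /* caller believes it owns this */
    if (aliased)
        return 1;                              /* options_kex is already gone */
    free(options_kex);                         /* normal cleanup */
    return 0;
}

int main(void)
{
    printf("vulnerable, no quirk : double free = %d\n",
           would_double_free(compat_proposal_vulnerable, 0));
    printf("vulnerable, quirk    : double free = %d\n",
           would_double_free(compat_proposal_vulnerable, 1));
    printf("fixed, no quirk      : double free = %d\n",
           would_double_free(compat_proposal_fixed, 0));
    printf("fixed, quirk         : double free = %d\n",
           would_double_free(compat_proposal_fixed, 1));
    return 0;
}
```

The demonstration deliberately skips the second free() once it has detected the aliasing; if you remove that guard, current glibc aborts the process with a "double free detected" message, and a build with AddressSanitizer (-fsanitize=address) reports the double free together with both call stacks, which is the quickest way to confirm a suspected instance of this bug class in real code.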
“While the OpenSSH version 9.1 double free vulnerability may raise concerns, it is essential to note that exploiting this issue is not a trivial task,” Abbasi explained.
“This is due to the protective measures introduced by modern memory allocators and the robust privilege separation and sandboxing implemented for the affected sshd process.”
Users are advised to update to OpenSSH 9.2 to address the flaw.