The OpenSSH team has released version 9.2 of their open-source implementation of the secure shell (SSH) protocol to address various security vulnerabilities, including a pre-authentication double-free vulnerability in the OpenSSH server (sshd).
CVE-2023-25136: Pre-Authentication Double Free Vulnerability
Tracked as CVE-2023-25136, the vulnerability was classified as a pre-authentication double-free flaw and was introduced in version 9.1 of OpenSSH. The flaw was reported to OpenSSH by security researcher Mantas Mikulenas in July 2022.
The Impact of the Vulnerability
Double-free flaws occur when a piece of code calls the free() function, which is used to deallocate memory blocks, twice. This can lead to memory corruption, resulting in a crash or execution of arbitrary code. In the case of OpenSSH, the flaw results in a double free in the unprivileged sshd process and may lead to a write-what-where condition, allowing an attacker to execute arbitrary code.
Is the Vulnerability Exploitable?
While the double-free vulnerability in OpenSSH version 9.1 may raise concerns, it is important to note that exploiting this issue is not an easy task. The protective measures put in place by modern memory allocators and the robust privilege separation and sandboxing implemented in the impacted sshd process make it difficult to exploit the flaw.
OpenSSH’s Release Notes
According to OpenSSH’s release notes, the vulnerability is not believed to be exploitable. The exposure occurs in the chunk of memory freed twice, the ‘options.kex_algorithms.’ OpenSSH disclosed the vulnerability in its release notes on February 2, 2023.
Recommendation to Users
To mitigate potential security threats, users are recommended to update to OpenSSH 9.2. OpenSSH is the open-source implementation of the secure shell (SSH) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture.
In conclusion, updating to the latest version of OpenSSH is important for maintaining the security and privacy of encrypted communications over an unsecured network.
