March 21, 2023

OpenSSH 9.2 version has been released to address several security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).

The memory safety bug tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double-free vulnerability that was introduced in version 9.1.

OpenSSH is the open-source implementation of the secure shell (SSH) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture.

Advertisements

As per the release notes, “This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot and is further sandboxed on most major platforms,”

The exposure occurs in the chunk of memory freed twice, the ‘options.kex_algorithms,'” the issue results in a “double free in the unprivileged sshd process.”

Double-free flaws arise when a vulnerable piece of code calls the free() function – which is used to deallocate memory blocks twice, which leads to memory corruption, that which could lead to a crash or execution of arbitrary code.

Since the protective measures put in place by modern memory allocators and the robust privilege separation and sandboxing implemented in the impacted sshd process.

User are recommended to update to OpenSSH 9.2 to mitigate potential security threats

Tags:

Leave a Reply

You may have missed

Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
ForgeRock new Passwordless Service

ForgeRock new Passwordless Service

March 20, 2023
New Decryptor for Conti Ransomware Released

New Decryptor for Conti Ransomware Released

March 20, 2023
Royal Dirkzwager hit by Play Ransomware

Royal Dirkzwager hit by Play Ransomware

March 20, 2023
Trigona Ransomware Disection

Trigona Ransomware Disection

March 19, 2023
Makop Ransomware Disection

Makop Ransomware Disection

March 19, 2023
%d bloggers like this: