OpenSSH maintainers have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the flaw has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
“This is not believed to be exploitable, and occurs in the unprivileged preauthorization process which is subject to chroot(2) and is more sandboxed on most major platforms,” OpenSSH said in its release notes on February 2, 2023.
Credited with reporting the flaw to OpenSSH in July 2022 is security researcher Mantas Mikulenas.
OpenSSH is the open source implementation of the Secure Shell (SSH) protocol that offers a set of services for encrypted communications over an unsecured network in a client-server architecture.
“The exposure occurs in the twice freed portion of memory, the ‘options.kex_algorithms’,” said Saeed Abbasi, a vulnerability research manager at Qualys, adding that the issue results in a “double free in the sshd process without privileges”.
Double free flaws arise when a vulnerable piece of code calls free(), the function used to deallocate blocks of memory, twice on the same block. This corrupts memory, which in turn could cause a crash, blocking or the execution of arbitrary code.
“Double freeing of memory can result in a write-what-where condition, allowing an attacker to execute arbitrary code,” MITRE notes in its description of the flaw.
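The ownership mistake behind a double free, next to the usual fix, as an added C example; it is not OpenSSH source and not the CVE-2023-25136 code path. The names `struct options`, `filter_list`, `negotiate_vuln`, `negotiate_fixed`, `options_free` and the list entry `legacy-kex` are constructed for illustration, and the vulnerable variant is compiled only with `-DDEMO_VULNERABLE`.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a server options struct; not OpenSSH source. */
struct options { char *kex_algorithms; };

/* Return a NEW heap copy of list without entry deny (NULL drops nothing).
 * Ownership contract: the input is only read, never freed here. */
char *filter_list(const char *list, const char *deny) {
    char *out = calloc(strlen(list) + 1, 1);
    if (out == NULL)
        return NULL;
    for (const char *p = list; *p != '\0'; p += (*p == ',')) {
        size_t n = strcspn(p, ",");          /* length of current entry */
        if (!(deny && n == strlen(deny) && strncmp(p, deny, n) == 0)) {
            if (*out != '\0')
                strcat(out, ",");
            strncat(out, p, n);
        }
        p += n;                              /* now at ',' or at the end */
    }
    return out;
}

#ifdef DEMO_VULNERABLE /* off by default: kept only for contrast */
char *negotiate_vuln(struct options *o) {
    char *filtered = filter_list(o->kex_algorithms, "legacy-kex");
    free(o->kex_algorithms);  /* first free; the field now dangles */
    return filtered;          /* options_free() later frees it a second time */
}
#endif

/* Fixed: the struct keeps sole ownership of its field; caller owns the result. */
char *negotiate_fixed(const struct options *o) {
    return o->kex_algorithms ? filter_list(o->kex_algorithms, "legacy-kex") : NULL;
}

/* Single cleanup point: free once, then clear the field so a repeated call
 * is a harmless free(NULL). Returns 1 if memory was released, else 0. */
int options_free(struct options *o) {
    int released = (o->kex_algorithms != NULL);
    free(o->kex_algorithms);
    o->kex_algorithms = NULL;
    return released;
}

int main(void) {
    struct options o = { filter_list("curve25519-sha256,legacy-kex", NULL) };
    free(negotiate_fixed(&o));
    return options_free(&o) + options_free(&o) == 1 ? 0 : 1;
}
```

Building the fixed path with `-fsanitize=address` is a quick way to confirm that no block is released twice.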
“While the double free vulnerability in OpenSSH version 9.1 may raise concerns, it is essential to note that exploiting this issue is not a simple task,” Abbasi explained.
“This is due to protection measures implemented by modern memory allocators and strong privilege separation and sandboxing implemented on the affected sshd process.”
Users are recommended to upgrade to OpenSSH 9.2 to mitigate potential security threats.