Home > Cyber News > CVE-2023-25136: Pre-Authentication Double Free Issue in OpenSSH

CVE-2023-25136: Pre-Authentication Double Free Issue in OpenSSH

OpenSSH contains several new security vulnerabilities, one of which is the critical CVE-2023-25136. The flaw is a pre-authentication double free issue which was introduced in OpenSSH version 9.1. The vulnerability has been addressed in OpenSSH 9.2. The other good news is that exploiting it requires special conditions and is not considered easy.

CVE-2023-25136: What Is Known So Far?

According to the official description by National Vulnerability Database, “the double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that “exploiting this vulnerability will not be easy.”

OpenSSH says in its Release notes that the vulnerability “is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms.”

CVE-2023-25136: Pre-Authentication Double Free Issue in OpenSSH

The issue was introduced in July 2022 and was initially reported to OpenSSH Bugzilla in January 2023 by security researcher Mantas Mikulenas.

Why is exploiting CVE-2023-25136 so challenging? As explained by Qualys, the difficulty comes from the protective measures by modern memory allocators that are in place. In addition, the presence of robust privilege separation and sandboxing in the impacted sshd process are also another obstacle for easy exploitation.

Nonetheless, affected customers should upgrade to OpenSSH 9.2 as soon as possible. “The OpenSSH project has been instrumental in ensuring secure remote access to systems, and the recent release of 9.2 is a testament to their commitment to the community’s security,” Qualys added.

What Is OpenSSH?

OpenSSH is a connectivity tool for remote login with the SSH protocol. Its purpose is to encrypt all traffic and eliminate various attacks including eavesdropping and connection hijacking. OpenSSH administers a large variety of secure tunnelling capabilities, authentication methods, and configuration options.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree