OpenSSH’s newly released version 9.2p1 contains a fix for a double-free vulnerability. Given the severe potential impact of the vulnerability on OpenSSH servers (DoS/RCE) and OpenSSH’s high popularity in the industry, this security fix prompted the JFrog Security Research team to investigate the vulnerability. This blog post provides details on the vulnerability, who is affected, and a proof-of-concept that triggers it, causing a Denial of Service (DoS).

Since the publication of this blog post, Qualys Security has managed to leverage this double-free for a limited remote code execution exploit in OpenBSD, when no security mitigations are applied. Therefore, we updated this blog post and our impact analysis to “High”.

OpenSSH is a popular tool used for secure communication and remote access. It was developed as a free, open-source implementation of the Secure Shell (SSH) communications protocol and is widely used for various applications. OpenSSH provides a secure and encrypted connection between two untrusted hosts over an insecure network, making it an essential tool for remote access and secure file transfer. With the increasing use of cloud computing and remote access to servers, OpenSSH has become a crucial tool for system administrators and developers who need to access and manage remote systems securely. OpenSSH also supports a wide range of platforms including Linux, macOS, and Windows, making it a widely adopted tool across different operating systems. With its ease of use and strong security features, OpenSSH has become an industry-standard tool for secure remote access.

On February 2, 2023, OpenSSH released version 9.2p1 with this security advisory. It immediately became clear that this version is of interest because of the pre-auth double-free vulnerability. Searching OpenSSH’s GitHub repository, we found the fix commit. The commit message indicates bz3522, which refers to the Bugzilla issue reported by the user Mantas Mikulėnas. In the report, Mantas mentions using the obsolete PuTTY version 0.64 and attaches a back-trace of the double-free abort.

To dive deeper, we set up an environment with the vulnerable OpenSSH 9.1p1 and pulled a copy of the old PuTTY 0.64 version, released 8 years ago on February 28, 2015.