OpenSSH’s newly released version 9.2p1 contains a fix for a double-free vulnerability. Given the severe potential impact of the vulnerability on OpenSSH servers (DoS/RCE) and its high popularity in the industry, this security fix prompted the JFrog Security Research team to investigate the vulnerability.

This blog post provides details on the vulnerability, who is affected, and a proof-of-concept to trigger it causing a Denial of Service (DoS).

Since the publication of this blog post, Qualys Security has managed to leverage this double-free for a limited remote code execution exploit in OpenBSD, when no security mitigations are applied. Therefore, we updated this blog post and our impact analysis to “High”.

OpenSSH is a popular tool used for secure communication and remote access. It was developed as a free, open-source implementation of the Secure Shell (SSH) communications protocol and is widely used for various applications. OpenSSH provides a secure and encrypted connection between two untrusted hosts over an insecure network, making it an essential tool for remote access and secure file transfer. With the increasing use of cloud computing and remote access to servers, OpenSSH has become a crucial tool for system administrators and developers who need to access and manage remote systems securely. OpenSSH also supports a wide range of platforms including Linux, macOS, and Windows, making it a widely adopted tool across different operating systems. With its ease of use and strong security features, OpenSSH has become an industry-standard tool for secure remote access.

On February 2, 2023, OpenSSH released version 9.2p1 with this security advisory. It immediately became clear this version is of interest because of the pre-auth double-free vulnerability. Searching OpenSSH’s GitHub repository, we found the fix commit. The commit message indicates bz3522, which refers to the Bugzilla issue reported by the user Mantas Mikulėnas. In his report, Mantas mentions using the obsolete PuTTY version 0.64, also attaching a back-trace of the double-free abort.

To dive deeper, we set up an environment with the vulnerable OpenSSH 9.1p1 and pulled a copy of the old PuTTY 0.64 version, released 8 years ago on February 28, 2015.