OpenSSH developers have released OpenSSH 9.2, which fixes a number of defects, including a vulnerability that is triggered during the pre-authentication stage of the OpenSSH server (sshd).
The pre-authentication double-free vulnerability in OpenSSH 9.1, CVE-2023-25136, occurs in the unprivileged pre-authentication process, which runs under chroot and is additionally sandboxed on most major platforms.
chroot is an operation that changes the root directory of a process on Unix-like operating systems. A program running with a changed root directory can only access files contained within that directory tree.
OpenSSH is the open-source implementation of the Secure Shell (SSH) protocol; it provides a suite of services for encrypted communication across an untrusted network in a client-server architecture.
A double-free vulnerability arises when a vulnerable code path calls free(), the function that releases a heap memory block, twice on the same block. The allocator's bookkeeping is corrupted as a result, which can lead to a crash or, in the worst case, to arbitrary code execution.
Qualys security researcher Saeed Abbasi said that the impact is in the memory block that is freed twice, 'options.kex_algorithms'. He added that the problem results in "a double free in the unprivileged sshd process."
Abbasi explained that active exploitation of the vulnerability is unlikely, since exploiting it would be too complex: modern memory allocation libraries provide protection against double frees, and the pre-authentication process containing the bug runs with reduced privileges inside an isolated sandbox.
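The double-free pattern described above, and the options.kex_algorithms block it concerns, as an added C example that is not part of the original article and is not OpenSSH's code: a simplified denylist filter stands in for match_filter_denylist(), compat_kex_proposal_flawed() reconstructs the ownership-ambiguous pattern (modelled on the public description of CVE-2023-25136, not copied from OpenSSH), and compat_kex_proposal_fixed() shows the single-contract version in which the input is never freed and the result is always fresh. The COMPAT_* bits, the helper names and the sample proposal string are assumptions made for this example. The flawed function is deliberately not called on its double-freeing path: on a current glibc the second free() aborts the process, which is the allocator protection Abbasi refers to.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Invented compat bits standing in for sshd's SSH_BUG_CURVE25519PAD and SSH_OLD_DHGEX. */
#define COMPAT_BUG_CURVE25519PAD 0x01
#define COMPAT_OLD_DHGEX         0x02

static char *xstrdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d == NULL) { perror("malloc"); exit(1); }
    return memcpy(d, s, n);
}

/* 1 if the n-byte name is a whole entry of the comma-separated deny list. */
static int in_list(const char *name, size_t n, const char *deny)
{
    const char *p = deny;
    for (;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == n && memcmp(p, name, n) == 0)
            return 1;
        if (end == NULL)
            return 0;
        p = end + 1;
    }
}

/* Simplified stand-in for OpenSSH's match_filter_denylist(): returns a NEW
 * string holding `list` minus the entries named in `deny`; never frees `list`. */
char *filter_denylist(const char *list, const char *deny)
{
    char *out = malloc(strlen(list) + 1);    /* result is never longer than input */
    const char *p = list;
    if (out == NULL) { perror("malloc"); exit(1); }
    out[0] = '\0';
    for (;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > 0 && !in_list(p, len, deny)) {
            if (out[0] != '\0')
                strcat(out, ",");
            strncat(out, p, len);
        }
        if (end == NULL)
            return out;
        p = end + 1;
    }
}

/* Flawed ownership pattern (a reconstruction for this example, not OpenSSH's
 * source). The caller is left with three different contracts: no bits -> p is
 * returned as-is; PAD only -> new buffer, p untouched; DHGEX only -> new buffer
 * and p has ALREADY been freed. A caller that frees p afterwards, as it would
 * for the first two cases, double-frees it in the third. */
char *compat_kex_proposal_flawed(int compat, char *p)
{
    char *cp;

    if ((compat & (COMPAT_BUG_CURVE25519PAD | COMPAT_OLD_DHGEX)) == 0)
        return p;
    if (compat & COMPAT_BUG_CURVE25519PAD)
        p = filter_denylist(p, "curve25519-sha256@libssh.org");
    if (compat & COMPAT_OLD_DHGEX) {
        cp = p;                 /* the caller's buffer, or the fresh one from above? */
        p = filter_denylist(p, "diffie-hellman-group-exchange-sha256,"
                               "diffie-hellman-group-exchange-sha1");
        free(cp);               /* frees the caller's buffer when only DHGEX is set */
    }
    return p;
}

/* Hardened form: one contract. The input is const and never freed; the result
 * is always a fresh allocation that the caller owns and frees exactly once. */
char *compat_kex_proposal_fixed(int compat, const char *p)
{
    char *cur = xstrdup(p), *next;

    if (compat & COMPAT_BUG_CURVE25519PAD) {
        next = filter_denylist(cur, "curve25519-sha256@libssh.org");
        free(cur);
        cur = next;
    }
    if (compat & COMPAT_OLD_DHGEX) {
        next = filter_denylist(cur, "diffie-hellman-group-exchange-sha256,"
                                    "diffie-hellman-group-exchange-sha1");
        free(cur);
        cur = next;
    }
    if (cur[0] == '\0') { fprintf(stderr, "no supported KEX algorithms\n"); exit(1); }
    return cur;
}

int main(void)
{
    /* Constructed proposal in the shape of sshd's options.kex_algorithms. */
    char *kex = xstrdup("curve25519-sha256,curve25519-sha256@libssh.org,"
                        "diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256");
    char *r = compat_kex_proposal_fixed(COMPAT_OLD_DHGEX, kex);
    printf("%s\n", r);
    free(r);
    free(kex);                  /* still ours: the fixed version never touched it */
    return 0;
}
```

The fix is not a NULL-after-free trick; it is a change of contract. Once the callee never frees what it did not allocate and always hands back memory it did allocate, the caller's existing free() of options.kex_algorithms is correct on every path, which is the property a reviewer should check on any function that conditionally rewrites a caller-owned buffer.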