OpenSSH, the ubiquitous tool for secure remote access, has released version 9.9p2 to address two significant vulnerabilities, including a decade-old man-in-the-middle (MitM) flaw. Discovered by Qualys, these vulnerabilities pose a serious risk to systems relying on OpenSSH for secure communication.
OpenSSH, an open-source implementation of the Secure Shell (SSH) protocol, is fundamental to secure remote access, file transfers, and tunneling. Its widespread adoption across Linux, Unix-based systems (BSD, macOS), and various enterprise, IT, DevOps, cloud, and cybersecurity applications makes these vulnerabilities particularly concerning.
CVE-2025-26465: A Decade-Old MitM Vulnerability
The more critical of the two vulnerabilities, CVE-2025-26465, is a MitM flaw that has existed in OpenSSH clients since version 6.8p1, released in December 2014. This vulnerability affects clients with the VerifyHostKeyDNS option enabled.
Qualys researchers demonstrated that an attacker can exploit this flaw regardless of whether VerifyHostKeyDNS is set to “yes” or “ask.” By intercepting an SSH connection and presenting a large SSH key with excessive certificate extensions, an attacker can trigger an out-of-memory error on the client. This bypasses host key verification, allowing the attacker to hijack the session. Successful exploitation grants the attacker the ability to steal credentials, inject commands, and exfiltrate data.
While VerifyHostKeyDNS is disabled by default, its default-on status in FreeBSD from 2013 to 2023 exposed a significant number of systems to this vulnerability.
CVE-2025-26466: Pre-Authentication Denial of Service
The second vulnerability, CVE-2025-26466, is a pre-authentication denial-of-service (DoS) flaw introduced in OpenSSH 9.5p1, released in August 2023. This flaw stems from unrestricted memory allocation during the key exchange process.
By repeatedly sending small 16-byte ping messages, an attacker can force the OpenSSH server to buffer 256-byte responses without immediate limits. These responses are stored indefinitely during the key exchange, leading to excessive memory consumption and CPU overload, potentially causing system crashes. While perhaps not as impactful as the MitM flaw, the pre-authentication nature of this DoS vulnerability makes it a significant threat for disruption.
Mitigation and Recommendations
OpenSSH version 9.9p2 addresses both vulnerabilities. Users and administrators are strongly advised to upgrade to this version immediately.
In addition to upgrading, disabling the VerifyHostKeyDNS option unless absolutely necessary is recommended. Manual key fingerprint verification is a more secure alternative for ensuring secure SSH connections.
To mitigate the DoS risk, administrators should implement connection rate limits and actively monitor SSH traffic for unusual patterns. This can help detect and stop potential attacks before they cause significant disruption. The discovery of these vulnerabilities underscores the importance of ongoing security vigilance and the prompt application of security updates.
Leave a Reply