SoylentNews

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks [thehackernews.com]:

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.

The vulnerabilities, detailed [qualys.com] by the Qualys Threat Research Unit (TRU), are listed [qualys.com] below -

• CVE-2025-26465 - The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled, allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it (Introduced in December 2014)
• CVE-2025-26466 - The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption (Introduced in August 2023)

"If an attacker can perform a man-in-the-middle attack via CVE-2025-26465, the client may accept the attacker's key instead of the legitimate server's key," Saeed Abbasi, manager of product at Qualys TRU, said.

"This would break the integrity of the SSH connection, enabling potential interception or tampering with the session before the user even realizes it."

In other words, a successful exploitation could permit malicious actors to compromise and hijack SSH sessions, and gain unauthorized access to sensitive data. It's worth noting that the VerifyHostKeyDNS option is disabled by default.

Repeated exploitation of CVE-2025-26466, on the other hand, can result in availability issues, preventing administrators from managing servers and locking legitimate users out, effectively crippling routine operations.

Both the vulnerabilities have been addressed [openssh.com] in version OpenSSH 9.9p2 released today by OpenSSH maintainers.

The disclosure comes over seven months after Qualys shed light on another OpenSSH flaw dubbed regreSSHion [thehackernews.com] (CVE-2024-6387) that could have resulted in unauthenticated remote code execution with root privileges in glibc-based Linux systems.

Found this article interesting? Follow us on Twitter [twitter.com] and LinkedIn [linkedin.com] to read more exclusive content we post.

urgent-updates dept.

Debian: DSA-5868-1: openssh Security Advisory Updates [linuxsecurity.com]:

- ------------------------------------------------------------------------- Debian Security Advisory DSA-5868-1 security@debian.org https://www.debian.org/security/ [debian.org] Salvatore Bonaccorso February 18, 2025 https://www.debian.org/security/faq [debian.org] - ------------------------------------------------------------------------- Package : openssh CVE ID : CVE-2025-26465 The Qualys Threat Research Unit (TRU) discovered that the OpenSSH client is vulnerable to a machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (disabled by default). Details can be found in the Qualys advisory at https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt [qualys.com] For the stable distribution (bookworm), this problem has been fixed in version 1:9.2p1-2+deb12u5. We recommend that you upgrade your openssh packages. For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh [debian.org] Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ [debian.org] Mailing list: debian-security-announce@lists.debian.org

Original Submission