SSH: OpenSSH Sshd SSH_OLD_DHGEX Handling Double Free

This signature detects attempts to exploit a known double-free vulnerability in OpenSSH sshd's handling of SSH_OLD_DHGEX. A successful attack can lead to arbitrary code execution.

Extended Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Affected Products

Openbsd openssh

Short Name
SSH:OPENSSH:DHGEX-DBLEFREE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SSH
Keywords
CVE-2023-25136 Double Free Handling OpenSSH SSH_OLD_DHGEX Sshd
Release Date
03/10/2023
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3682
False Positive
Unknown
Vendors

Openbsd
Fedoraproject
Netapp
