Source: BankInfoSecurity.com RSS Syndication Author: unknown URL: https://www.bankinfosecurity.com/proof-of-concept-exploits-published-for-2-new-openssh-bugs-a-27544
-
ONE SENTENCE SUMMARY: Two new OpenSSH vulnerabilities enable man-in-the-middle attacks and denial of service, prompting urgent patching to mitigate security risks.
-
MAIN POINTS:
-
Two OpenSSH vulnerabilities (CVE-2025-26465, CVE-2025-26466) expose millions of servers to security threats.
-
The man-in-the-middle flaw (CVE-2025-26465) allows attackers to impersonate servers and intercept SSH sessions.
-
The denial of service flaw (CVE-2025-26466) enables resource exhaustion attacks using SSH2_MSG_PING packets.
-
OpenSSH patched both flaws in version 9.9p2, released on February 18, 2025.
-
The man-in-the-middle attack requires the VerifyHostKeyDNS option to be enabled, which is disabled by default.
-
FreeBSD had VerifyHostKeyDNS enabled by default from September 2013 until March 2023.
-
The denial of service attack can be mitigated using built-in OpenSSH mechanisms like LoginGraceTime and MaxStartups.
-
The Qualys Security Advisory team discovered the flaws and reported them to OpenSSH on January 31, 2025.
-
Proof-of-concept exploit code was published by Qualys on the same day OpenSSH released patches.
-
Urgently upgrading to OpenSSH 9.9p2 is recommended to prevent potential exploitation.
-
TAKEAWAYS:
-
Immediate patching is crucial to mitigate OpenSSH vulnerabilities and prevent potential attacks.
-
Organizations should verify their SSH configurations, especially the VerifyHostKeyDNS setting.
-
Built-in OpenSSH security mechanisms can help reduce denial of service risks.
-
Attackers could exploit these flaws to intercept credentials or disrupt server operations.
-
Security teams must stay updated on vulnerabilities and apply patches as soon as they are released.
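A defender-side check for the two settings this summary names, added here as an example (not code from the article, Qualys or the OpenSSH project): it resolves the effective VerifyHostKeyDNS value for a given host from an ssh_config, following OpenSSH's first-value-wins and Host-pattern rules, and reads the LoginGraceTime and MaxStartups limits from an sshd_config, falling back to sshd's documented defaults. Match blocks are treated as not applying (a simplification of this helper), and the sample configurations are constructed.

```python
"""Offline audit of the OpenSSH client/server settings named above. Constructed
example, not code from the article or OpenSSH; the sample configs are made up."""
import fnmatch
import re

def effective_value(config_text, keyword, host=None):
    """First applicable value of `keyword` under ssh_config/sshd_config rules:
    case-insensitive keywords, the first obtained value wins, and a Host block
    applies when a pattern matches `host` and no '!' pattern does. Match blocks
    are skipped, so only the unconditional value is reported (a simplification)."""
    hit = lambda p: host is not None and fnmatch.fnmatchcase(host, p)
    active = True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            pats = value.split()
            active = any(hit(p) for p in pats if p[0] != "!") and not any(
                hit(p[1:]) for p in pats if p[0] == "!")
        elif key == "match":
            active = False  # conditional block, not evaluated here
        elif active and key == keyword.lower():
            return value
    return None

def verify_host_key_dns_enabled(config_text, host):
    """CVE-2025-26465 needs VerifyHostKeyDNS on; the default is 'no', and 'ask'
    also consults DNS records, so anything but 'no' counts as enabled."""
    return (effective_value(config_text, "VerifyHostKeyDNS", host) or "no").lower() != "no"

def dos_limits(sshd_config_text):
    """LoginGraceTime and MaxStartups (the CVE-2025-26466 mitigations named
    above), falling back to the sshd defaults of 120 seconds and 10:30:100."""
    return {k: effective_value(sshd_config_text, k) or d
            for k, d in (("LoginGraceTime", "120"), ("MaxStartups", "10:30:100"))}

SSH_CONFIG = """Host *.example.com !bastion.example.com
    VerifyHostKeyDNS=ask
Host *
    VerifyHostKeyDNS no
"""
SSHD_CONFIG = "LoginGraceTime 30\nMatch Address 10.0.0.0/8\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for h in ("web.example.com", "bastion.example.com", "other.net"):
        print(h, "VerifyHostKeyDNS enabled:", verify_host_key_dns_enabled(SSH_CONFIG, h))
    print(dos_limits(SSHD_CONFIG))
```

Distribution packages often backport fixes without changing the upstream version string, so pair a configuration check like this with the package changelog rather than relying on `ssh -V` alone.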