OpenSSH Developers released version of OpenSSH 9.2 to fix a number of deficiencies, including a vulnerability that manifests itself in the authentication phase on the OpenSSH server (sshd).

Preauthentication (double free) vulnerability in OpenSSH 9.1 CVE-2023-25136 occurs in an unprivileged pre-authentication process that undergoes a “chroot” operation and is further sandboxed on most major platforms.

Chroot is the operation of changing the root directory in Unix-like operating systems. A program launched with a changed root directory will only have access to the files contained in that directory.

OpenSSH is an open source implementation of the Secure Shell (SSH) protocol that offers a set of services for encrypted communication over an insecure network in a client-server architecture.

The disadvantages of double freeing occur when a vulnerable piece of code calls the ” free() ‘ which is used to free blocks of memory twice, resulting in memory corruption and further crash or arbitrary code execution.

Qualys security researcher Saeed Abbasi said that the impact occurs in a block of memory freed twice – ‘options.kex_algorithms’. He also added that the problem results in “a double free in an unprivileged sshd process”.

Abassi explained that active exploitation of the vulnerability is unlikely, since the exploitation process is too complicated – modern memory allocation libraries provide protection against double freeing of memory, and the “pre-auth” process, in which the error is present, is executed with reduced privileges in an isolated sandbox.