
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin

rsissi
Level 1
Good morning, the OpenSSH vulnerability was published on 02/03/2023:

CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. 
The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space.
One third-party report states "remote code execution is theoretically possible."
As I have checked, I have the latest version on 2 Secure Mail Gateway C390 and 2 Gateway C395, with version 15.0.1-030. How do I solve the indicated vulnerability?

 
