two OpenSSH vulnerabilities fixed: one allowed MITM against clients which had enabled `VerifyHostKeyDNS`, the other allowed pre-auth DoS

blog.qualys.com

two OpenSSH vulnerabilities fixed: one allowed MITM against clients which had enabled `VerifyHostKeyDNS`, the other allowed pre-auth DoS

blog.qualys.com

Arthur Besse@lemmy.ml to

Self Hosted - Self-hosting your services.@lemmy.mlEnglish · 1 day ago

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog

blog.qualys.com

The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the…

cross-posted from: https://lemmy.ml/post/26304038

from the OpenSSH 9.9p2 release announcement:


This release fixes two security bugs.

Security
========

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

You must log in or register to comment.

Chat

Self Hosted - Self-hosting your services.@lemmy.ml

selfhost@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Lemmy doesn’t have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate.

Cross-posting

[email protected] is allowed!
[email protected] is allowed!
[email protected] is allowed!
[email protected] is allowed if topic has to do with selfhosting.
[email protected] is allowed!

If you see a rule-breaker please DM the mods!

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

5 users / day
47 users / week
173 users / month
178 users / 6 months
1 local subscriber
12.2K subscribers
59 Posts
100 Comments
Modlog

two OpenSSH vulnerabilities fixed: one allowed MITM against clients which had enabled VerifyHostKeyDNS, the other allowed pre-auth DoS

two OpenSSH vulnerabilities fixed: one allowed MITM against clients which had enabled VerifyHostKeyDNS, the other allowed pre-auth DoS

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog

two OpenSSH vulnerabilities fixed: one allowed MITM against clients which had enabled `VerifyHostKeyDNS`, the other allowed pre-auth DoS

two OpenSSH vulnerabilities fixed: one allowed MITM against clients which had enabled `VerifyHostKeyDNS`, the other allowed pre-auth DoS