New OpenSSH flaws expose SSH servers to MiTM and DoS attacks – BleepingComputer
Microsoft reminds admins to prepare for WSUS driver sync deprecationNew OpenSSH flaws expose SSH servers to MiTM and DoS attacksChase will soon block Zelle payments to sellers on social mediaLee Enterprises newspaper disruptions caused by ransomware attackCISA and FBI: Ghost ransomware breached orgs in 70 countriesPhishing attack hides JavaScript using invisible Unicode trickDesktop access is possible anywhere with this AnyViewer deal, now $60New FrigidStealer infostealer infects Macs via fake browser updatesHow to access the Dark Web using the Tor BrowserHow to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11How to use the Windows Registry EditorHow to backup and restore the Windows RegistryHow to start Windows in Safe ModeHow to remove a Trojan, Virus, Worm, or other MalwareHow to show hidden files in Windows 7How to see hidden files in WindowsRemove the Theonlinesearch.com Search RedirectRemove the Smartwebfinder.com Search RedirectHow to remove the PBlock+ adware browser extensionRemove the Toksearches.xyz Search RedirectRemove Security Tool and SecurityTool (Uninstall Guide)How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundoHow to remove Antivirus 2009 (Uninstall Instructions)How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKillerLocky Ransomware Information, Help Guide, and FAQCryptoLocker Ransomware Information Guide and FAQCryptorBit and HowDecrypt Information Guide and FAQCryptoDefense and How_Decrypt Ransomware Information Guide and FAQQualys BrowserCheckSTOPDecrypterAuroraDecrypterFilesLockerDecrypterAdwCleanerComboFixRKillJunkware Removal TooleLearningIT Certification CoursesGear + GadgetsSecurityBest VPNsHow to change IP addressAccess the dark web safelyBest VPN for YouTubeOpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.Qualys discovered both vulnerabilities and demonstrated their exploitability to OpenSSH’s maintainers.OpenSSH (Open Secure Shell) is a free, open-source implementation of the SSH (Secure Shell) protocol, which provides encrypted communication for secure remote access, file transfers, and tunneling over untrusted networks.It is one of the most widely used tools in the world, with high levels of adoption across Linux and Unix-based (BSD, macOS) systems found in enterprise environments, IT, DevOps, cloud computing, and cybersecurity applications.The MiTM vulnerability, tracked under CVE-2025-26465, was introduced in December 2014 with the release of OpenSSH 6.8p1, so the issue remained undetected for over a decade.The flaw affects OpenSSH clients when the ‘VerifyHostKeyDNS’ option is enabled, allowing threat actors to perform MitM attacks.”The attack against the OpenSSH client (CVE-2025-26465) succeeds regardless of whether the VerifyHostKeyDNS option is set to “yes” or “ask” (its default is “no”), requires no user interaction, and does not depend on the existence of an SSHFP resource record (an SSH fingerprint) in DNS,” explains Qualys.When enabled, due to improper error handling, an attacker can trick the client into accepting a rogue server’s key by forcing an out-of-memory error during verification.By intercepting an SSH connection and presenting a large SSH key with excessive certificate extensions, the attacker can exhaust the client’s memory, bypass host verification, and hijack the session to steal credentials, inject commands, and exfiltrate data. Although the ‘VerifyHostKeyDNS’ option is disabled by default in OpenSSH, it was enabled by default on FreeBSD from 2013 until 2023, leaving many systems exposed to these attacks.The second vulnerability is CVE-2025-26466, a pre-authentication denial of service flaw introduced in OpenSSH 9.5p1, released in August 2023.The issue arises from an unrestricted memory allocation during the key exchange, leading to uncontrolled resource consumption.An attacker can repeatedly send small 16-byte ping messages, which forces OpenSSH to buffer 256-byte responses without immediate limits.During the key exchange, these responses are stored indefinitely, leading to excessive memory consumption and CPU overload, potentially causing system crashes.The repercussions of exploitation of CVE-2025-26466 may not be as severe as the first flaw, but the fact that it’s exploitable before authentication maintains a very high risk for disruption.The OpenSSH team published version 9.9p2 earlier today, which addresses both vulnerabilities, so everyone is recommended to move to that release as soon as possible.Additionally, it is recommended to disable VerifyHostKeyDNS unless absolutely necessary and rely on manual key fingerprint verification to ensure secure SSH connections.Regarding the DoS problem, administrators are encouraged to enforce strict connection rate limits and monitor SSH traffic for abnormal patterns to stop potential attacks early.More technical details about the two flaws are available by Qualys here.Laravel admin package Voyager vulnerable to one-click RCE flawCisco warns of denial of service flaw with PoC exploit codeOver 660,000 Rsync servers exposed to code execution attacksHackers exploit DoS flaw to disable Palo Alto Networks firewallsPalo Alto Networks tags new firewall bug as exploited in attacksNot a member yet? Register NowGoogle Chrome’s AI-powered security feature rolls out to everyoneChase will soon block Zelle payments to sellers on social mediaNew FinalDraft malware abuses Outlook mail service for stealthy commsGet the GOAT Guide to learn how to start validating, start defending, and start winning.Get the GOAT Guide to learn how to start validating, start defending, and start winning.Request your complimentary data risk assessment for AWS5 Browser Security Threats Overlooked by Security Tools. Get the Free ReportRDP Security Simplified – No VPN, No Firewall Exposure. Get a free TruGrid business trial.Terms of Use – Privacy Policy – Ethics Statement – Affiliate DisclosureCopyright @ 2003 – 2025 Bleeping Computer® LLC – All Rights ReservedNot a member yet? Register NowRead our posting guidelinese to learn what content is prohibited.
