oss-sec mailing list archives
Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)
From: Georgi Guninski <gguninski () gmail com>
Date: Mon, 6 Mar 2023 09:53:06 +0200
On Mon, Feb 13, 2023 at 2:05 PM Qualys Security Advisory <qsa () qualys com> wrote:
> Hi all,
>
> On Thu, Feb 02, 2023 at 01:02:04PM +0000, Qualys Security Advisory wrote:
> > Exploiting this vulnerability will not be easy: modern memory allocators
> > provide protections against double frees, and the impacted sshd process is
> > unprivileged and heavily sandboxed.
>
> Quick update: we were able to gain arbitrary control of the "rip"
So besides the double free bug you managed to circumvent the mitigation in both Linux and OpenBSD, right? Did you find a weakness in the mitigation or did you find a fundamental way to exploit a double free?