oss-sec mailing list archives
Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136)
From: Qualys Security Advisory <qsa () qualys com>
Date: Thu, 9 Mar 2023 13:34:58 +0000
Hi Georgi,

On Mon, Mar 06, 2023 at 09:53:06AM +0200, Georgi Guninski wrote:
> So besides the double free bug you managed to circumvent the mitigation in both linux and openbsd, right? Did you find weakness in the mitigation or did you find fundamental way to exploit double free?

We have not been able to do anything useful on Linux (glibc) yet. On OpenBSD, what we did works only because this double free is of the form "free(ptr); many other malloc() and free() calls; free(ptr);". If it were of the form "free(ptr); no other malloc() or free() call; free(ptr);" then this double free would be caught immediately by malloc's security checks.

Hopefully this helps! With best regards,

--
the Qualys Security Advisory team
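The two double-free shapes contrasted in the reply above, modeled with a toy allocator. This is an added example, not part of the original message and not OpenBSD's or glibc's malloc. The slot pool, every function name, and the slot-reuse mechanism it models are assumptions made for illustration.

```c
/* Toy fixed-slot allocator, constructed for illustration; every name is hypothetical. */
#include <stdio.h>
#include <string.h>
#define NSLOTS 4
#define SLOT_SIZE 32
static unsigned char pool[NSLOTS][SLOT_SIZE];
static int in_use[NSLOTS];
static int slot_of(void *p) { return (int)(((unsigned char *)p - &pool[0][0]) / SLOT_SIZE); }

static void *toy_malloc(void) {   /* lowest free slot, or NULL if the pool is full */
    for (int i = 0; i < NSLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* The allocator's only check: is the slot already free? 0 = ok, -1 = caught. */
static int toy_free(void *p) {
    if (!in_use[slot_of(p)]) return -1;
    in_use[slot_of(p)] = 0;
    return 0;
}

/* "free(ptr); no other malloc() or free() call; free(ptr);" */
static int back_to_back(void) {
    memset(in_use, 0, sizeof in_use);
    void *ptr = toy_malloc();
    toy_free(ptr);
    return toy_free(ptr);        /* slot is already free: the check fires */
}

/* "free(ptr); other malloc() and free() calls; free(ptr);" With clear_ptr set,
 * the caller NULLs ptr after the first free and skips NULL on the second. */
static int with_intervening_calls(int clear_ptr, int *other_live) {
    memset(in_use, 0, sizeof in_use);
    void *ptr = toy_malloc();
    toy_free(ptr);
    if (clear_ptr) ptr = NULL;
    void *other = toy_malloc();  /* unrelated object reuses ptr's old slot */
    int rc = ptr ? toy_free(ptr) : 0;   /* stale ptr names a live slot: check passes */
    *other_live = in_use[slot_of(other)];
    return rc;
}

int main(void) {
    int live, rc = with_intervening_calls(0, &live);
    printf("back-to-back rc=%d; interleaved rc=%d other_live=%d\n", back_to_back(), rc, live);
    rc = with_intervening_calls(1, &live);
    printf("pointer cleared: rc=%d other_live=%d\n", rc, live);
    return 0;
}
```

In the interleaved case the second free succeeds and silently releases the unrelated object, which is why a per-chunk "already free" check alone cannot catch this form; clearing the pointer at the first free removes the stale reference on the caller's side.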