OpenSSH Machine-in-the-Middle Vulnerability When VerifyHostKeyDNS is Enabled

A vulnerability exists in OpenSSH versions 6.8p1 through 9.9p1, allowing a machine-in-the-middle (MitM) attack on the OpenSSH client. This vulnerability is triggered when the VerifyHostKeyDNS option is enabled, which is not the default setting. The issue arises from a logic error in how OpenSSH handles error codes during host key verification, enabling an attacker to impersonate a legitimate server and bypass identity checks. For the attack to succeed, the attacker must first exhaust the client's memory, increasing the complexity of the exploitation.

Impact

Exploitation allows an attacker to impersonate a server, bypassing identity verification and potentially leading to interception or manipulation of data in what is assumed to be a secure SSH connection. This could allow interception of credentials or hijacking of sessions, with the possibility of lateral movement across servers and exfiltration of sensitive information, such as database credentials.

Reproduction

The vulnerability can be reproduced by enabling the VerifyHostKeyDNS option on an OpenSSH client version 9.6p1 or earlier. When the client connects to an SSH server, an attacker can impersonate the server by exhausting the client's memory, causing the SSH key verification process to fail. This can be done by sending a large fake host key that consumes memory, taking advantage of the client's error handling.

Remediation

Users can upgrade to OpenSSH version 9.9p2, which addresses this vulnerability. Instructions for applying this update are available on the Red Hat Customer Portal.