Vulnerability CVE-2025-26465: Information

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resources first, which makes the attack complexity high.

Severity: MEDIUM (6.8)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Published: February 18, 2025
Modified: May 12, 2026
Weakness type identifier: CWE-390

Fixed packages

| Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
|---|---|---|---|---|---|---|
| openssh | sisyphus | 9.6p1-alt3 | 9.6p1-alt6 | ALT-PU-2025-2941-3 | 375192 | Fixed |
| openssh | sisyphus_e2k | 9.6p1-alt3 | 9.6p1-alt5 | ALT-PU-2025-5187-1 | - | Fixed |
| openssh | sisyphus_riscv64 | 9.6p1-alt3 | 9.6p1-alt6 | ALT-PU-2025-3237-1 | - | Fixed |
| openssh | sisyphus_loongarch64 | 9.6p1-alt3 | 9.6p1-alt6 | ALT-PU-2025-3282-1 | - | Fixed |
| openssh | p11 | 9.6p1-alt3 | 9.6p1-alt5 | ALT-PU-2025-3001-3 | 375194 | Fixed |
| openssh | p10 | 7.9p1-alt4.p10.7 | 7.9p1-alt4.p10.8 | ALT-PU-2025-3009-3 | 375264 | Fixed |
| openssh | p10_e2k | 7.9p1-alt4.p10.7 | 7.9p1-alt4.p10.8 | ALT-PU-2025-4269-1 | - | Fixed |
| openssh | p9 | 7.9p1-alt4.p10.7 | 7.9p1-alt4.p10.7 | ALT-PU-2025-3300-3 | 375265 | Fixed |
| openssh | c10f2 | 7.9p1-alt4.p10.7 | 7.9p1-alt4.p10.8 | ALT-PU-2025-3005-3 | 375266 | Fixed |
| openssh | c9f2 | 7.9p1-alt4.p10.7 | 7.9p1-alt4.p10.8 | ALT-PU-2025-3003-3 | 375268 | Fixed |
| openssh-gostcrypto | sisyphus | 9.6p1-alt3.gost | 9.6p1-alt6.gost | ALT-PU-2025-3023-2 | 375252 | Fixed |
| openssh-gostcrypto | p11 | 9.6p1-alt3.gost | 9.6p1-alt3.gost | ALT-PU-2025-3025-3 | 375253 | Fixed |
| openssh-gostcrypto | p10 | 7.9p1-alt4.gost.p10.4 | 7.9p1-alt4.gost.p10.5 | ALT-PU-2025-3011-3 | 375269 | Fixed |
| openssh-gostcrypto | p9 | 7.9p1-alt4.gost.p10.4 | 7.9p1-alt4.gost.p10.4 | ALT-PU-2025-3292-3 | 375270 | Fixed |
| openssh-gostcrypto | c10f2 | 7.9p1-alt4.gost.p10.4 | 7.9p1-alt4.gost.p10.5 | ALT-PU-2025-3007-3 | 375271 | Fixed |
| openssh-gostcrypto | c9f2 | 7.9p1-alt4.gost.p10.4 | 7.9p1-alt4.gost.p10.5 | ALT-PU-2025-3015-3 | 375273 | Fixed |

References to Advisories, Solutions, and Tools

| Link | Resource |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:16823 | - |
| https://access.redhat.com/errata/RHSA-2025:3837 | - |
| https://access.redhat.com/errata/RHSA-2025:6993 | - |
| https://access.redhat.com/errata/RHSA-2025:8385 | - |
| https://access.redhat.com/security/cve/CVE-2025-26465 | Third Party Advisory |
| https://access.redhat.com/solutions/7109879 | - |
| https://bugzilla.redhat.com/show_bug.cgi?id=2344780 | Issue Tracking, Third Party Advisory |
| https://seclists.org/oss-sec/2025/q1/144 | Mailing List, Third Party Advisory |
| http://seclists.org/fulldisclosure/2025/Feb/18 | - |
| http://seclists.org/fulldisclosure/2025/May/7 | - |
| http://seclists.org/fulldisclosure/2025/May/8 | - |
| https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466 | Third Party Advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1237040 | Issue Tracking |
| https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig | Patch |
| https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html | Third Party Advisory |
| https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html | Third Party Advisory |
| https://security-tracker.debian.org/tracker/CVE-2025-26465 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20250228-0003/ | Third Party Advisory |
| https://ubuntu.com/security/CVE-2025-26465 | Third Party Advisory |
| https://www.openssh.com/releasenotes.html#9.9p2 | Release Notes |
| https://www.openwall.com/lists/oss-security/2025/02/18/1 | Mailing List, Third Party Advisory |
| https://www.openwall.com/lists/oss-security/2025/02/18/4 | Mailing List, Third Party Advisory |
| https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/ | Press/Media Coverage |
| https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh | Third Party Advisory |
| https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh | Mitigation, Third Party Advisory |
| https://cert-portal.siemens.com/productcert/html/ssa-082556.html | - |
| BDU:2025-01959 | - |

1. cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* (Start including 6.9, End including 9.8)
   cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
   cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*
   cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*
   cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
   cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
   cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
   cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
   cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
   cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*