TPS-2025-001 OpenSSH CVE-2025-26465 & CVE-2025-26466

Overview

The Qualys Security Advisory team discovered two vulnerabilities in OpenSSH 9.9p1. From the OpenSSH 9.9p2 release notes:

  • CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default.

  • CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature.

Actions Taken by Us

The latest SmartOS platform release contains OpenSSH 9.9p2. We recommend you update to this platform, via any of the methods mentioned below.

Actions You Need to Take

Workaround

CVE-2025-26465 is only an issue if the VerifyHostKeyDNS option is enabled, which it is not by default in OpenSSH, nor in a default SmartOS installation.

CVE-2025-26466 can be mitigated by enabling the PerSourcePenalties option in sshd_config(5). In a SmartOS global zone, changes to /etc/ssh/sshd_config do not persist across reboots, so the option must be re-enabled there (and the ssh service restarted) after every boot. In SmartOS non-global zones the change to /etc/ssh/sshd_config is persistent.
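The following POSIX shell functions are an added example, not code from this advisory, from MNX or from OpenSSH. They check the two settings the workaround section talks about: whether a client config enables VerifyHostKeyDNS (the condition for CVE-2025-26465), and whether an sshd_config carries a PerSourcePenalties directive, writing one if it does not. The /etc/ssh paths, the sshd binary location and the SMF service name used in apply_on_smartos are assumptions; the demo at the bottom runs against a constructed temporary file so it can be executed on any host.

```shell
#!/bin/sh
# Added example, not part of the MNX advisory or of OpenSSH: audit and apply
# the two workarounds the advisory names. The file paths are the standard
# OpenSSH locations and are assumed; the demo at the bottom runs against a
# constructed temporary file so it can be executed anywhere.

# CVE-2025-26465 only matters when the ssh client has VerifyHostKeyDNS set to
# "yes" or "ask". ssh_config(5) uses the first value it reads for a keyword,
# so this takes the first uncommented directive. Returns 0 when enabled.
client_verify_hostkey_dns_enabled() {
    val=$(awk 'tolower($1) == "verifyhostkeydns" && !seen { print tolower($2); seen = 1 }' "$1" 2>/dev/null)
    [ "$val" = "yes" ] || [ "$val" = "ask" ]
}

# Print the effective PerSourcePenalties value from an sshd_config (first
# uncommented directive wins, as in sshd_config(5)), or "unset" if absent.
per_source_penalties_value() {
    awk 'tolower($1) == "persourcepenalties" && !seen {
             sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; seen = 1
         }
         END { if (!seen) print "unset" }' "$1"
}

# Set PerSourcePenalties in an sshd_config: the first existing directive
# (commented out or not) is replaced, later duplicates are dropped so the
# effective value is unambiguous, and the directive is appended if the file
# has none. "yes" enables OpenSSH's built-in penalty defaults; a keyword list
# such as "crash:90s authfail:5s noauth:1s max:10m" tunes them (sshd_config(5)).
set_per_source_penalties() {
    conf="$1"
    value="${2:-yes}"
    tmp="$conf.new.$$"
    awk -v v="$value" '
        tolower($0) ~ /^[ \t]*#?[ \t]*persourcepenalties[ \t]/ {
            if (!done) { print "PerSourcePenalties " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "PerSourcePenalties " v }' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# On a SmartOS host: write the directive, let sshd validate the file, then
# restart the SMF ssh service. In a global zone /etc/ssh/sshd_config is not
# persistent, so (per the advisory) this has to be repeated after each boot;
# in a non-global zone the change persists. Not run by the demo below.
apply_on_smartos() {
    set_per_source_penalties /etc/ssh/sshd_config "${1:-yes}"
    /usr/lib/ssh/sshd -t -f /etc/ssh/sshd_config     # syntax check; sshd path assumed
    svcadm restart svc:/network/ssh:default          # SMF service name assumed
}

# --- demo on a constructed file (not a real host's configuration) ---
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample sshd_config
Port 22
#PerSourcePenalties crash:90s authfail:5s
PerSourcePenalties no
PermitRootLogin no
EOF
echo "before: PerSourcePenalties = $(per_source_penalties_value "$demo_conf")"
set_per_source_penalties "$demo_conf"
echo "after:  PerSourcePenalties = $(per_source_penalties_value "$demo_conf")"
# before: PerSourcePenalties = no
# after:  PerSourcePenalties = yes
rm -f "$demo_conf"
```

On a SmartOS system the same functions are run against the real files (apply_on_smartos), and the same audit can be pointed at /etc/ssh/ssh_config to confirm VerifyHostKeyDNS is still off.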

SmartOS users (Triton or stand-alone)

Compute nodes should be rebooted to platform image 20250220T074131Z or later to eliminate the potential vulnerability.

For Triton users

Execute the following commands from the headnode.

sdcadm platform install 20250220T074131Z -C release
sdcadm platform assign 20250220T074131Z --all
sdcadm platform set-default 20250220T074131Z

Schedule reboots for all compute nodes.

For SmartOS users with piadm

piadm install 20250220T074131Z
piadm activate 20250220T074131Z

Reboot the node.

For other SmartOS users

Update your boot media to use image 20250220T074131Z, then reboot the node. Boot images are available from:

https://us-central.manta.mnx.io/Joyent_Dev/public/SmartOS/smartos.html
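Whichever of the three update paths above applies, the check a practitioner wants afterwards is that every node actually came back on a fixed platform. The shell functions below are an added example, not part of the advisory: they compare the platform stamp that SmartOS reports in `uname -v` (for example `joyent_20250220T074131Z`) against the minimum stamp named in this advisory. The use of sdc-oneachnode on a Triton headnode is an assumption about the operator's tooling; the demo at the bottom runs on constructed node output.

```shell
#!/bin/sh
# Added example, not part of the MNX advisory: confirm after the reboot that
# a node really runs a fixed platform image. SmartOS reports the platform
# stamp as `uname -v`, e.g. "joyent_20250220T074131Z". The minimum stamp is
# the one from the advisory. The demo at the bottom uses constructed output.

MIN_PLATFORM="20250220T074131Z"

# Strip the "joyent_" prefix from a uname -v string, leaving the timestamp.
platform_stamp() {
    printf '%s\n' "${1#joyent_}"
}

# Return 0 when the stamp in a uname -v string is at least MIN (default
# MIN_PLATFORM). Stamps are YYYYMMDDTHHMMSSZ, so a byte-wise string
# comparison orders them chronologically; anything not shaped like a stamp
# counts as not fixed.
platform_is_fixed() {
    stamp=$(platform_stamp "$1")
    min="${2:-$MIN_PLATFORM}"
    case "$stamp" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z) ;;
        *) return 1 ;;
    esac
    lowest=$(printf '%s\n%s\n' "$stamp" "$min" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$min" ]
}

# Read "hostname uname-v" lines from stdin, one per node, print a verdict for
# each and return 0 only when every node is on a fixed platform.
audit_nodes() {
    rc=0
    while read -r host ver; do
        [ -n "$host" ] || continue
        if platform_is_fixed "$ver"; then
            printf 'OK       %s %s\n' "$host" "$ver"
        else
            printf 'OUTDATED %s %s\n' "$host" "$ver"
            rc=1
        fi
    done
    return "$rc"
}

# On a single SmartOS node (not run here):
#   printf '%s %s\n' "$(hostname)" "$(uname -v)" | audit_nodes
# On a Triton headnode, collect "hostname" and "uname -v" from every node
# (e.g. with sdc-oneachnode) into that two-column form and pipe it in.

# --- demo on constructed node output (hostnames and stamps are made up) ---
audit_nodes <<'EOF' || echo "at least one node still needs the new platform"
headnode joyent_20250220T074131Z
cn01 joyent_20250301T000000Z
cn02 joyent_20241001T000000Z
EOF
```

The demo reports cn02 as OUTDATED and the other two as OK; a non-zero return from audit_nodes is what a post-reboot check in a maintenance script should key on.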

Support

If you are a MNX customer and have any further questions or concerns after reading the information provided above, please contact MNX Support.

If you are an Open Source SmartOS/Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.

References