In early 2025, a new security vulnerability was discovered in OpenSSH. Tracked as CVE-2025-26465, this issue impacts OpenSSH clients when the VerifyHostKeyDNS option is turned on. The scenario exposes systems to a rare but dangerous machine-in-the-middle (MITM) attack under specific, complex conditions. This write-up breaks down what the bug is, how it can be abused, and what makes it difficult, with clear code snippets and direct references.

What's the Issue?

VerifyHostKeyDNS is an OpenSSH client feature that lets you verify a server's host key using DNS (with DNSSEC). If you connect to a server with this enabled, the client will check for a special DNS record that should match the server's real key.

CVE-2025-26465 arises because OpenSSH doesn't handle error codes properly when things go wrong during this DNS host key verification. An attacker—if they can also exhaust the machine’s memory while manipulating DNS responses—could convince the OpenSSH client to trust their fake server.

Attacker's role:

- The attacker must *first* exhaust the client's memory (using methods like flooding DNS queries or other resource-intensive tasks).

Then, intercept the connection, return malicious DNS responses, and mimic the real server.

Note: This attack is *difficult* and needs control over network traffic and sophisticated resource attack methods.

Excerpt from affected OpenSSH source (hostfile.c)

int
check_host_key_dns(const char *hostname, Key *hostkey, int *flags)
{
    ...
    ret = verify_sshfp(hostname, hostkey); // this may return error on OOM
    if (ret == -1) {
        // Incorrect: should handle error, but may fall through
        ret = ;
    }
    /* ret== now treated as if everything's fine! */
    ...
}

Comment: If verify_sshfp returns a memory error (e.g., because the attacker's memory exhaustion tactics worked), the code resets ret to and continues—as if nothing happened. That’s the flaw.

Below is a conceptual sequence exploiting CVE-2025-26465

[Victim SSH client] --------(connects)--------> [Attacker (MITM)]
                         |
               [DNS lookup] --Attacker saturates the client's memory--
                         |
            [Poisoned DNS SSHFP return / error]
                         |
            [OpenSSH mishandles error; 'trusts' attacker host key]
                         |
              [Attacker's fake server returns fake credentials]

DNS Attack Snippet (Python-ish)

import socket
# Attacker floods client with large DNS packets to exhaust memory
for i in range(100000):
    s = socket.socket(...)  # UDP socket
    s.sendto(LARGE_FAKE_DNS_RESPONSE, (victim_ip, 53))

Goal: Run this in parallel to an SSH MITM proxy to starve the SSH process of available memory.

References

- OpenSSH Official Site
- CVE-2025-26465 at MITRE *(placeholder for as-published info)*
- DNS SSHFP Records Specification - RFC 4255

Conclusion

CVE-2025-26465 is a rare but critical example where a security feature can backfire with the right kind of attacker and situation. If you use VerifyHostKeyDNS in OpenSSH, keep your software updated, audit your DNS set-up, and avoid making your system an easy target for memory exhaustion. Always prefer multiple layers of host verification, and stay current on security advisories.

*Stay safe, stay vigilant!*

*Exclusive content by [your site]. Please reference this post and use the official advisories above for the latest information.*

Timeline

Published on: 02/18/2025 19:15:29 UTC
Last modified on: 02/19/2025 15:15:18 UTC