CVE-2023-25136: 
NixOS vulnerability analysis and mitigation

OpenSSH server (sshd) version 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. The vulnerability was discovered in January 2023 and fixed in OpenSSH 9.2. The issue affects only OpenSSH 9.1 released in October 2022, and can be triggered in the default configuration of the OpenSSH server (JFrog Blog, OSS Security).

The vulnerability occurs when a specific sequence of events leads to options.kexalgorithms being freed twice. The first free happens in dossh2kex() via compatkexproposal() when the SSHOLDDHGEX compatibility bit is set and SSHBUGCURVE25519PAD is not set. The second free occurs during authentication through a chain of function calls: doauthentication2() -> inputuserauthrequest() -> mmgetpwnamallow() -> copysetserveroptions() -> assemblealgorithms() -> kexassemble_names(). The double free can be triggered by modifying the client version string to appear as an old client like 'FuTTY' (OSS Security, JFrog Blog).

The vulnerability allows an unauthenticated remote attacker to trigger a double-free condition in the pre-authentication phase. When successfully exploited, it can lead to arbitrary control of the instruction pointer (RIP register) and potentially remote code execution when no memory protections are applied. However, the impact is limited by OpenSSH's security measures including privilege separation and sandboxing mechanisms (JFrog Blog, OSS Security).

The primary mitigation is to upgrade to OpenSSH version 9.2 or later, which contains the fix for this vulnerability. The fix involves modifying the handling of key exchange algorithms to prevent the double-free condition. For systems that cannot immediately upgrade, there are no known workarounds, but the exploitation risk is partially mitigated by modern memory allocator protections and OpenSSH's security measures (NVD, JFrog Blog).