CVE-2025-26466 PoC — Openssh: denial-of-service in openssh

Associated Vulnerability
Title: Openssh: denial-of-service in openssh (CVE-2025-26466)
Description: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Description
OpenSSH server 9.5p1 - 9.9p1 DoS (PoC)
Readme
# OpenSSH DoS Exploit (CVE-2025-26466)


## Description
This exploit targets a denial-of-service (DoS) vulnerability in OpenSSH (CVE-2025-26466). The vulnerability allows unauthenticated attackers to consume excessive memory and CPU resources by sending a large number of specially crafted SSH2_MSG_PING packets during the key exchange process. This can cause the SSH server to become unresponsive or crash due to resource exhaustion.

## Affected Versions
- OpenSSH 9.5p1 - 9.9p1 are vulnerable.
- Earlier versions are not affected unless manually patched with the vulnerable feature.

## How It Works
- The script establishes multiple connections to the target SSH server.
- It sends a large volume of SSH2_MSG_PING packets.
- The server buffers responses indefinitely, leading to high RAM consumption.
- If enough packets are sent, the server's memory and CPU usage will spike, causing a DoS condition.

## Usage
```sh
python3 CVE-2025-26466.py --host <target_ip> --port 22 --count 500 --threads 100000000
```

### Parameters:
- `--host` : Target SSH server IP address.
- `--port` : Target SSH port (default: 22).
- `--count` : Number of packets to send (default: 500).
- `--threads` : Number of concurrent attack threads (default: 100000000).

## Mitigation
- Upgrade OpenSSH to a patched version that mitigates CVE-2025-26466.
- Configure `LoginGraceTime`, `MaxStartups`, and `PerSourcePenalties` to limit unauthenticated connections.
- Use firewall rules to rate-limit SSH connections.
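
A defender-side check for the settings listed above, as an added example that is not part of the original README or the OpenSSH project: it reads the effective configuration as printed by `sshd -T` plus a version banner, and flags the affected range stated on this page and weak values. The function names, the `MAX_FULL` ceiling and the sample input are assumptions made for illustration.

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (9, 5, 1), (9, 9, 1)  # range stated on this page
MAX_FULL = 100  # assumed policy ceiling for the MaxStartups "full" value

def parse_version(banner):
    """Extract (major, minor, patch) from a string such as 'OpenSSH_9.7p1 ...'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def parse_effective_config(text):
    """Turn `sshd -T` output (one 'keyword value' pair per line) into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg.setdefault(key.lower(), value.strip())
    return cfg

def audit(banner, sshd_t_output):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    version = parse_version(banner)
    if version is None:
        findings.append("version: could not parse banner")
    elif AFFECTED_MIN <= version <= AFFECTED_MAX:
        # Backported fixes keep the upstream number, so confirm with the vendor advisory.
        findings.append("version: %d.%dp%d is in the affected range" % version)
    cfg = parse_effective_config(sshd_t_output)
    if cfg.get("logingracetime", "0") == "0":
        findings.append("logingracetime: 0 or missing, pre-auth sessions never time out")
    full = cfg.get("maxstartups", "").split(":")[-1]
    if not full.isdigit() or int(full) > MAX_FULL:
        findings.append("maxstartups: missing or above %d" % MAX_FULL)
    if cfg.get("persourcepenalties", "no").split()[0:1] in ([], ["no"]):
        findings.append("persourcepenalties: disabled or unsupported")
    return findings

# Constructed sample input, not captured from a real host.
SAMPLE_BANNER = "OpenSSH_9.7p1"
SAMPLE_SSHD_T = "logingracetime 0\nmaxstartups 10:30:100\npersourcepenalties no\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_BANNER, SAMPLE_SSHD_T):
        print(finding)
```

On a real host the two inputs would come from `sshd -T` and `ssh -V`.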

## Disclaimer
This script is provided for educational and testing purposes only. Use it only on systems you have explicit permission to test. Unauthorized use against third-party systems may be illegal and is strictly prohibited.