Qualys Security Advisory: MitM and DoS attacks against OpenSSH client and server
qualys.comMitM-able since 6.8 (December 2014) only if
> VerifyHostKeyDNS is "yes" or "ask" (it is "no" by default),
And DOS-able since 9.5 (2023) because of a new ping command.
> To confirm our suspicion, we adopted a dual strategy:
> - we manually audited all of OpenSSH's functions that use "goto", for missing resets of their return value;
> - we wrote a CodeQL query that automatically searches for functions that "goto out" without resetting their return value in the corresponding "if" code block.