| Field | Value |
| --- | --- |
| Assigner | mitre |
| Reserved | 2023-07-17 |
| Published | 2023-07-20 |
| Updated | 2024-08-02 |
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
https://news.ycombinator.com/item?id=36790196
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
https://www.openssh.com/txt/release-9.3p2
https://www.openssh.com/security.html
https://security.gentoo.org/glsa/202307-01 (GLSA-202307-01)
http://www.openwall.com/lists/oss-security/2023/07/20/1 ([oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent)
http://www.openwall.com/lists/oss-security/2023/07/20/2 ([oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released)
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ (FEDORA-2023-878e04f4ae)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ (FEDORA-2023-79a18e1725)
https://security.netapp.com/advisory/ntap-20230803-0010/
https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html ([debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update)
http://www.openwall.com/lists/oss-security/2023/09/22/9 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list)
http://www.openwall.com/lists/oss-security/2023/09/22/11 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list)
https://support.apple.com/kb/HT213940
https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408