We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Reserved 2023-07-17 | Published 2023-07-20 | Updated 2024-10-15 | Assigner mitrenews.ycombinator.com/item?id=36790196
blog.qualys.com/...execution-in-opensshs-forwarded-ssh-agent
www.qualys.com/...-38408/rce-openssh-forwarded-ssh-agent.txt
github.com/...ommit/f8f5a6b003981bb824329dc987d101977beda7ca
github.com/...ommit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
github.com/...ommit/f03a4faa55c4ce0818324701dadbf91988d7351d
www.openssh.com/txt/release-9.3p2
security.gentoo.org/glsa/202307-01 (GLSA-202307-01)
www.openwall.com/lists/oss-security/2023/07/20/1 ([oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent)
www.openwall.com/lists/oss-security/2023/07/20/2 ([oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released)
packetstormsecurity.com/...-Agent-Remote-Code-Execution.html
lists.fedoraproject.org/...RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ (FEDORA-2023-878e04f4ae)
lists.fedoraproject.org/...CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ (FEDORA-2023-79a18e1725)
security.netapp.com/advisory/ntap-20230803-0010/
lists.debian.org/debian-lts-announce/2023/08/msg00021.html ([debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update)
www.openwall.com/lists/oss-security/2023/09/22/9 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list)
www.openwall.com/lists/oss-security/2023/09/22/11 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list)
www.vicarius.io/...nsshs-agent-forwarding-rce-cve-2023-38408
Support options