PUBLISHED

CVE-2023-38408

Reserved: 2023-07-17
Published: 2023-07-20
Updated: 2024-04-04

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

References

https://news.ycombinator.com/item?id=36790196

https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca

https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8

https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d

https://www.openssh.com/txt/release-9.3p2

https://www.openssh.com/security.html

https://security.gentoo.org/glsa/202307-01 (GLSA-202307-01) vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/20/1 ([oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent) mailing-list

http://www.openwall.com/lists/oss-security/2023/07/20/2 ([oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released) mailing-list

http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ (FEDORA-2023-878e04f4ae) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ (FEDORA-2023-79a18e1725) vendor-advisory

https://security.netapp.com/advisory/ntap-20230803-0010/

https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html ([debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update) mailing-list

http://www.openwall.com/lists/oss-security/2023/09/22/9 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list) mailing-list

http://www.openwall.com/lists/oss-security/2023/09/22/11 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list) mailing-list

https://support.apple.com/kb/HT213940

https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408

cve.org CVE-2023-38408

nvd.nist.gov CVE-2023-38408
