THREATINT
PUBLISHED

CVE-2023-38408
Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Reserved 2023-07-17 | Published 2023-07-20 | Updated 2024-10-15 | Assigner mitre

References

news.ycombinator.com/item?id=36790196

blog.qualys.com/...execution-in-opensshs-forwarded-ssh-agent

www.qualys.com/...-38408/rce-openssh-forwarded-ssh-agent.txt

github.com/...ommit/f8f5a6b003981bb824329dc987d101977beda7ca

github.com/...ommit/7bc29a9d5cd697290aa056e94ecee6253d3425f8

github.com/...ommit/f03a4faa55c4ce0818324701dadbf91988d7351d

www.openssh.com/txt/release-9.3p2

www.openssh.com/security.html

security.gentoo.org/glsa/202307-01 (GLSA-202307-01) vendor-advisory

www.openwall.com/lists/oss-security/2023/07/20/1 ([oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent) mailing-list

www.openwall.com/lists/oss-security/2023/07/20/2 ([oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released) mailing-list

packetstormsecurity.com/...-Agent-Remote-Code-Execution.html

lists.fedoraproject.org/...RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ (FEDORA-2023-878e04f4ae) vendor-advisory

lists.fedoraproject.org/...CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ (FEDORA-2023-79a18e1725) vendor-advisory

security.netapp.com/advisory/ntap-20230803-0010/

lists.debian.org/debian-lts-announce/2023/08/msg00021.html ([debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update) mailing-list

www.openwall.com/lists/oss-security/2023/09/22/9 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list) mailing-list

www.openwall.com/lists/oss-security/2023/09/22/11 ([oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list) mailing-list

support.apple.com/kb/HT213940

www.vicarius.io/...nsshs-agent-forwarding-rce-cve-2023-38408

cve.org (CVE-2023-38408)

nvd.nist.gov (CVE-2023-38408)
