PT-2023-3666 · OpenSSH+13
Baba Yaga
Published 2023-07-19 · Updated 2026-05-13
CVE-2023-38408
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenSSH versions 7.9p1-alt4.gost.p10.1, 7.9p1-alt4.p10.6, 9.6p1-alt1.gost, 9.6p1-alt2.gost
Description
OpenSSH contains a vulnerability where the ssh-agent component incorrectly handles loading certain PKCS#11 providers. This can allow a remote attacker to execute arbitrary code if a user has forwarded their ssh-agent to an untrusted system and that system contains malicious libraries. The vulnerability exists due to improper handling of library loading, potentially leading to the execution of untrusted code.
Recommendations
Update OpenSSH to version 7.9p1-alt4.gost.p10.1, 7.9p1-alt4.p10.6, 9.6p1-alt1.gost, or 9.6p1-alt2.gost.
Exploit
Fix
LPE
RCE
Untrusted Search Path
Code Injection
Related identifiers
Affected products
ALT Linux
AlmaLinux
Astra Linux
CentOS
FreeBSD
IBM AIX
Linux Mint
Apple macOS
OpenSSH
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu