CVE-2023-40371

Name of the Vulnerable Software and Affected Versions IBM AIX versions 7.2 through 7.3 VIOS version 3.1

Description The issue is related to improper access controls in the OpenSSH implementation, which could allow a non-privileged local user to access files outside of those allowed. This could potentially lead to unauthorized access to confidential data. There is also a mention of a flaw in the forwarded ssh-agent that could allow a remote attacker to execute arbitrary code on the system by sending specially crafted requests.

Recommendations For IBM AIX versions 7.2 through 7.3, apply the ifix 38408 from openssh fix15, and then restart the sshd service to ensure the fix is applied. For VIOS version 3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.