CVE - CVE-2023-38408

CVE-ID
CVE-2023-38408	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20230803-0010/ CONFIRM:https://support.apple.com/kb/HT213940 CONFIRM:https://www.openssh.com/security.html CONFIRM:https://www.openssh.com/txt/release-9.3p2 FEDORA:FEDORA-2023-79a18e1725 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ FEDORA:FEDORA-2023-878e04f4ae URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ GENTOO:GLSA-202307-01 URL:https://security.gentoo.org/glsa/202307-01 MISC:http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html MISC:https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent MISC:https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 MISC:https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d MISC:https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca MISC:https://news.ycombinator.com/item?id=36790196 MISC:https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt MISC:https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408 MLIST:[debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update URL:https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html MLIST:[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent URL:http://www.openwall.com/lists/oss-security/2023/07/20/1 MLIST:[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released URL:http://www.openwall.com/lists/oss-security/2023/07/20/2 MLIST:[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list URL:http://www.openwall.com/lists/oss-security/2023/09/22/11 MLIST:[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list URL:http://www.openwall.com/lists/oss-security/2023/09/22/9
Assigning CNA
MITRE Corporation
Date Record Created
20230717	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20230717)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)