CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 10
github · github.com/kali-mx/CVE-2023-38408 · ★ 52
github · github.com/LucasPDiniz/CVE-2023-38408 · ★ 45
github · github.com/TX-One/CVE-2023-38408 · ★ 7
github · github.com/Adel2411/cve-2023-38408 · ★ 5
github · github.com/mrtacojr/CVE-2023-38408 · ★ 1
github · github.com/nonosticisiguzo-command/nmap-scan-results · ★ 0
github · github.com/wxrdnx/CVE-2023-38408 · ★ 0
github · github.com/fazilbaig1/cve_2023_38408_scanner · ★ 0
github · github.com/xitexploiter96-dot/CVE-2023-38408 · ★ 0
cve_reference · packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
https://news.ycombinator.com/item?id=36790196
https://security.gentoo.org/glsa/202307-01
https://security.netapp.com/advisory/ntap-20230803-0010/
https://support.apple.com/kb/HT213940