← volver
CVE-2023-38408

CVE-2023-38408

CVSS 9.8 CRITICALEPSS 76.8%CWE-428
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a
PoCs públicas encontradas10
githubgithub.com/kali-mx/CVE-2023-3840852githubgithub.com/LucasPDiniz/CVE-2023-3840845githubgithub.com/TX-One/CVE-2023-384087githubgithub.com/Adel2411/cve-2023-384085githubgithub.com/mrtacojr/CVE-2023-384081githubgithub.com/nonosticisiguzo-command/nmap-scan-results0githubgithub.com/wxrdnx/CVE-2023-384080githubgithub.com/fazilbaig1/cve_2023_38408_scanner0githubgithub.com/xitexploiter96-dot/CVE-2023-384080cve_referencepacketstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.htmlhttps://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agenthttps://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351dhttps://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7cahttps://lists.debian.org/debian-lts-announce/2023/08/msg00021.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/https://news.ycombinator.com/item?id=36790196https://security.gentoo.org/glsa/202307-01https://security.netapp.com/advisory/ntap-20230803-0010/https://support.apple.com/kb/HT213940