Lucene search

K
almalinuxAlmaLinuxALSA-2024:1130
HistoryMar 05, 2024 - 12:00 a.m.

Moderate: openssh security update

2024-03-0500:00:00
errata.almalinux.org
98
openssh
security update
prefix truncation attack
binary packet protocol
potential command injection
shell metacharacters
cve.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.9

Confidence

High

EPSS

0.965

Percentile

99.6%

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
  • openssh: potential command injection via shell metacharacters (CVE-2023-51385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.9

Confidence

High

EPSS

0.965

Percentile

99.6%