Medium: openssh

🗓️ 21 Mar 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 1 Views

OpenSSH before 9.6 may allow command injection from metacharacters in usernames or hostnames.

Reporter	Title	Published	Views	Family All 246
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH [CVE-2023-51385]	3 Oct 202417:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617].	20 May 202509:21	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol	4 Feb 202518:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-46813, CVE-2023-51385, CVE-2023-48795)	17 Jul 202414:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	18 Aug 202514:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	15 Apr 202502:50	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH	14 Mar 202420:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51385]	12 Nov 202412:45	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation. [CVE-2023-51385]	23 Feb 202417:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus	20 Mar 202418:36	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	openssh	8.7p1-8.amzn2023.0.10	openssh-8.7p1-8.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	openssh	8.7p1-8.amzn2023.0.10	openssh-8.7p1-8.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	openssh-clients	8.7p1-8.amzn2023.0.10	openssh-clients-8.7p1-8.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	openssh-clients	8.7p1-8.amzn2023.0.10	openssh-clients-8.7p1-8.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	openssh-clients-debuginfo	8.7p1-8.amzn2023.0.10	openssh-clients-debuginfo-8.7p1-8.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	openssh-clients-debuginfo	8.7p1-8.amzn2023.0.10	openssh-clients-debuginfo-8.7p1-8.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	openssh-debuginfo	8.7p1-8.amzn2023.0.10	openssh-debuginfo-8.7p1-8.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	openssh-debuginfo	8.7p1-8.amzn2023.0.10	openssh-debuginfo-8.7p1-8.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	openssh-debugsource	8.7p1-8.amzn2023.0.10	openssh-debugsource-8.7p1-8.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	openssh-debugsource	8.7p1-8.amzn2023.0.10	openssh-debugsource-8.7p1-8.amzn2023.0.10.x86_64.rpm

21 Mar 2024 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.5

EPSS0.17234

SSVC

OpenSSH command injection shell metacharacters usernames hostnames CVE-2023-51385 update openssh