Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssh< 1:7.4p1-1openssh_1:7.4p1-1_all.deb
Debian11allopenssh< 1:7.4p1-1openssh_1:7.4p1-1_all.deb
Debian10allopenssh< 1:7.4p1-1openssh_1:7.4p1-1_all.deb
Debian999allopenssh< 1:7.4p1-1openssh_1:7.4p1-1_all.deb
Debian13allopenssh< 1:7.4p1-1openssh_1:7.4p1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssh	< 1:7.4p1-1	openssh_1:7.4p1-1_all.deb
Debian	11	all	openssh	< 1:7.4p1-1	openssh_1:7.4p1-1_all.deb
Debian	10	all	openssh	< 1:7.4p1-1	openssh_1:7.4p1-1_all.deb
Debian	999	all	openssh	< 1:7.4p1-1	openssh_1:7.4p1-1_all.deb
Debian	13	all	openssh	< 1:7.4p1-1	openssh_1:7.4p1-1_all.deb

myhack58 1

osv 3

seebug 1

nessus 86

alpinelinux 2

cloudlinux 1

prion 2

f5 2

cve 2

redhatcve 1

ubuntucve 2

packetstorm 2

zdt 1

openvas 9

freebsd 2

broadcom 1

ibm 19

amazon 3

freebsd_advisory 1

veracode 1

debiancve 1

fedora 1

archlinux 1

slackware 1

symantec 1

aix 1

oraclelinux 1

ubuntu 1

cloudfoundry 1

redhat 1

centos 1

debian 1

rosalinux 1

ics 2

apple 2

myhack58

OpenSSH is now in the risk of vulnerabilities can cause remote code execution-vulnerability warning-the black bar safety net

2016-12-21 00:00:00

osv

CVE-2016-10009

2017-01-05 02:59:03

CVE-2023-38408

2023-07-20 03:15:10

openssh - security update

2018-09-10 00:00:00

seebug

OpenSSH remote code execution vulnerability, CVE-2016-10009）

2016-12-21 00:00:00

nessus

Fedora 25 : openssh (2017-4767e2991d)

2017-01-10 00:00:00

F5 Networks BIG-IP : OpenSSH vulnerability (K31440025)

2018-12-17 00:00:00

EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1055)

2017-05-01 00:00:00

alpinelinux

CVE-2016-10009

2017-01-05 02:59:00

CVE-2023-38408

2023-07-20 03:15:10

cloudlinux

Fixed CVE-2016-10009 in openssh-5.3p1

2022-07-04 19:13:43

prion

Design/Logic Flaw

2017-01-05 02:59:00

Remote code execution

2023-07-20 03:15:00

K31440025 : OpenSSH vulnerability CVE-2016-10009

2017-01-24 00:00:00

K000135709 : OpenSSH vulnerability CVE-2023-38408

2023-08-02 00:00:00

cve

CVE-2016-10009

2017-01-05 02:59:00

CVE-2023-38408

2023-07-20 03:15:10

redhatcve

CVE-2016-10009

2016-12-20 07:47:25

ubuntucve

CVE-2016-10009

2017-01-04 00:00:00

CVE-2023-38408

2023-07-19 00:00:00

packetstorm

OpenSSH Arbitrary Library Loading

2016-12-23 00:00:00

OpenSSH Forwarded SSH-Agent Remote Code Execution

2023-07-20 00:00:00

zdt

OpenSSH 7.4 - agent Protocol Arbitrary Library Loading Vulnerability

2016-12-23 00:00:00

openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1054)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1055)

2020-01-23 00:00:00

Fedora Update for openssh FEDORA-2017-4767e2991d

2017-01-10 00:00:00

freebsd

FreeBSD -- OpenSSH multiple vulnerabilities

2017-01-11 00:00:00

openssh -- multiple vulnerabilities

2016-12-25 00:00:00

broadcom

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)

2023-11-07 00:00:00

ibm

Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH

2019-01-31 02:25:02

Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012)

2021-06-08 22:18:27

Security Bulletin: IBM MQ Appliance is affected by OpenSSH vulnerabilities

2019-08-13 19:08:35

amazon

Important: openssh

2023-08-17 11:39:00

Important: openssh

2023-08-03 18:09:00

Medium: openssh

2017-10-03 11:00:00

freebsd_advisory

FreeBSD-SA-17:01.openssh

2017-01-11 00:00:00

veracode

Remote Code Execution (RCE)

2023-07-20 11:22:49

debiancve

CVE-2023-38408

2023-07-20 03:15:10

fedora

[SECURITY] Fedora 25 Update: openssh-7.4p1-1.fc25

2017-01-06 20:25:39

archlinux

[ASA-201612-20] openssh: multiple issues

2016-12-22 00:00:00

slackware

[slackware-security] openssh

2016-12-24 01:35:34

symantec

SA144 : OpenSSH Vulnerabilities January 2017

2017-03-02 08:00:00

aix

Vulnerabilities in OpenSSH affect AIX.

2017-02-05 23:36:10

oraclelinux

openssh security, bug fix, and enhancement update

2017-08-07 00:00:00

ubuntu

OpenSSH vulnerabilities

2018-01-22 00:00:00

cloudfoundry

USN-3538-1: OpenSSH vulnerabilities | Cloud Foundry

2018-02-01 00:00:00

redhat

(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update

2017-08-01 05:57:17

centos

openssh, pam_ssh_agent_auth security update

2017-08-24 01:40:16

debian

[SECURITY] [DLA 1500-1] openssh security update

2018-09-10 08:44:17

rosalinux

Advisory ROSA-SA-2021-1938

2021-07-02 17:38:20

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

apple

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

2017-03-27 00:00:00

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support

2017-08-29 02:52:03

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.102 Low

EPSS

Percentile

94.8%

JSON

Related for DEBIANCVE:CVE-2016-10009