Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-38408HistoryJul 20, 2023 - 3:15 a.m.
CVE-2023-38408
2023-07-2003:15:10
Debian Security Bug Tracker
security-tracker.debian.org
358
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.03 Low
EPSS
Percentile
90.8%
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openssh | <Β 1:9.2p1-2+deb12u1 | openssh_1:9.2p1-2+deb12u1_all.deb |
| Debian | 11 | all | openssh | <Β 1:8.4p1-5+deb11u2 | openssh_1:8.4p1-5+deb11u2_all.deb |
| Debian | 10 | all | openssh | <Β 1:7.9p1-10+deb10u3 | openssh_1:7.9p1-10+deb10u3_all.deb |
| Debian | 999 | all | openssh | <Β 1:9.3p2-1 | openssh_1:9.3p2-1_all.deb |
| Debian | 13 | all | openssh | <Β 1:9.3p2-1 | openssh_1:9.3p2-1_all.deb |
Related
nessus
nessus
Amazon Linux AMI : openssh (ALAS-2023-1802)
2023-08-23 00:00:00
RHEL 8 : openssh (RHSA-2023:4413)
2023-08-01 00:00:00
EulerOS Virtualization 2.11.1 : openssh (EulerOS-SA-2023-3057)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2023-2921)
2023-10-10 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2023-2816)
2023-09-11 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2023-3102)
2023-11-01 00:00:00
alpinelinux
alpinelinux
CVE-2023-38408
2023-07-20 03:15:10
CVE-2016-10009
2017-01-05 02:59:00
cve
cve
CVE-2023-38408
2023-07-20 03:15:10
CVE-2016-10009
2017-01-05 02:59:00
broadcom
broadcom
amazon
amazon
Important: openssh
2023-08-17 11:39:00
Important: openssh
2023-08-03 18:09:00
veracode
veracode
Remote Code Execution (RCE)
2023-07-20 11:22:49
prion
prion
Remote code execution
2023-07-20 03:15:00
Design/Logic Flaw
2017-01-05 02:59:00
ubuntucve
ubuntucve
CVE-2023-38408
2023-07-19 00:00:00
CVE-2016-10009
2017-01-04 00:00:00
f5
f5
K000135709 : OpenSSH vulnerability CVE-2023-38408
2023-08-02 00:00:00
K31440025 : OpenSSH vulnerability CVE-2016-10009
2017-01-24 00:00:00
osv
osv
CVE-2023-38408
2023-07-20 03:15:10
CVE-2016-10009
2017-01-05 02:59:03
openssh vulnerability
2023-07-31 17:40:15
packetstorm
packetstorm
OpenSSH Forwarded SSH-Agent Remote Code Execution
2023-07-20 00:00:00
OpenSSH Arbitrary Library Loading
2016-12-23 00:00:00
myhack58
myhack58
seebug
seebug
OpenSSH remote code execution vulnerability, CVE-2016-10009οΌ
2016-12-21 00:00:00
debiancve
debiancve
CVE-2016-10009
2017-01-05 02:59:00
cloudlinux
cloudlinux
Fixed CVE-2016-10009 in openssh-5.3p1
2022-07-04 19:13:43
openssh: Fix of CVE-2023-38408
2023-08-09 10:29:03
redhatcve
redhatcve
CVE-2016-10009
2016-12-20 07:47:25
CVE-2023-38408
2023-07-20 07:17:39
zdt
zdt
OpenSSH 7.4 - agent Protocol Arbitrary Library Loading Vulnerability
2016-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: openssh-9.0p1-16.fc38
2023-07-23 01:30:52
[SECURITY] Fedora 37 Update: openssh-8.8p1-11.fc37
2023-07-28 01:40:23
[SECURITY] Fedora 25 Update: openssh-7.4p1-1.fc25
2017-01-06 20:25:39
redhat
redhat
(RHSA-2023:4381) Important: openssh security update
2023-08-01 08:57:57
(RHSA-2023:4382) Important: openssh security update
2023-08-01 09:01:29
(RHSA-2023:4419) Important: openssh security update
2023-08-01 13:52:30
wolfi
wolfi
CVE-2023-38408 vulnerabilities
2024-04-27 03:16:47
cbl_mariner
cbl_mariner
CVE-2023-38408 affecting package openssh 8.8p1-7
2023-08-10 16:37:57
CVE-2023-38408 affecting package openssh 8.9p1-2
2023-08-15 16:37:27
ibm
ibm
debian
debian
[SECURITY] [DLA 3532-1] openssh security update
2023-08-17 01:17:24
qualysblog
qualysblog
CVE-2023-38408: Remote Code Execution in OpenSSHβs forwarded ssh-agent
2023-07-19 15:53:27
freebsd
freebsd
FreeBSD -- Potential remote code execution via ssh-agent forwarding
2023-08-01 00:00:00
OpenSSH -- remote code execution via a forwarded agent socket
2023-07-19 00:00:00
FreeBSD -- OpenSSH multiple vulnerabilities
2017-01-11 00:00:00
oraclelinux
oraclelinux
openssh security update
2023-08-10 00:00:00
openssh security update
2023-08-02 00:00:00
openssh security update
2023-08-02 00:00:00
almalinux
almalinux
Important: openssh security update
2023-08-01 00:00:00
Important: openssh security update
2023-08-01 00:00:00
cgr
cgr
CVE-2023-38408 vulnerabilities
2024-04-27 03:20:18
redos
redos
ROS-20240212-01
2024-02-12 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2229
2023-09-05 09:40:26
Advisory ROSA-SA-2023-2222
2023-08-29 11:57:56
slackware
slackware
[slackware-security] openssh
2023-07-19 20:41:55
[slackware-security] openssh
2016-12-24 01:35:34
cloudfoundry
cloudfoundry
USN-6242-1: OpenSSH vulnerability | Cloud Foundry
2023-08-10 00:00:00
ubuntu
ubuntu
OpenSSH vulnerability
2023-07-24 00:00:00
OpenSSH vulnerability
2023-07-31 00:00:00
githubexploit
githubexploit
Exploit for Unquoted Search Path or Element in Openbsd Openssh
2023-11-09 04:34:39
Exploit for Unquoted Search Path or Element in Openbsd Openssh
2023-08-09 19:56:07
Exploit for Unquoted Search Path or Element in Openbsd Openssh
2023-07-21 01:53:10
rocky
rocky
openssh security update
2023-08-08 12:34:30
centos
centos
openssh, pam_ssh_agent_auth security update
2024-01-12 19:29:35
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:08.ssh
2023-08-01 00:00:00
FreeBSD-SA-17:01.openssh
2017-01-11 00:00:00
thn
thn
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
2023-07-24 09:10:00
aix
aix
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0628
2023-08-05 00:00:00
gentoo
gentoo
OpenSSH: Remote Code Execution
2023-07-20 00:00:00
archlinux
archlinux
[ASA-201612-20] openssh: multiple issues
2016-12-22 00:00:00
symantec
symantec
SA144 : OpenSSH Vulnerabilities January 2017
2017-03-02 08:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.03 Low
EPSS
Percentile
90.8%
Related for DEBIANCVE:CVE-2023-38408