6 matches found
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2023-38408)
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...
Advisory ROSA-SA-2025-3043
Software: openssh 8.0p1 OS: ROSA Virtualization 3.1 unaffected versions = openssh-8.0p1-26.0.2.2.rv31 affected versions openssh-8.0p1-26.0.2.2.rv31 CVE-ID: CVE-2020-14145 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is related to a lack of service...
CLSA-2023-1691606104 openssh: Fix of CVE-2023-38408
CVE-2023-38408: checks libraries before dlopen and separate ssh-pkcs11-helpers for each p11 module...
CLSA-2023-1691576785 openssh: Fix of CVE-2023-38408
CVE-2023-38408: checks libraries before dlopen...
CLSA-2023-1691576392 Fix CVE(s): CVE-2023-38408
SECURITY UPDATE: Fix file description leak - debian/patches/CVE-2023-38408-Fix-file-description-leak.patch: Fix the leak in pkcs11starthelper - CVE-2023-38408...
CVE-2023-38408
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...