Lucene search

Veracode Vulnerability DatabaseVERACODE:41425

HistoryJul 20, 2023 - 11:22 a.m.

Remote Code Execution (RCE)

2023-07-2011:22:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

150

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

openssh is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the insufficient trustworthy search path in the PKCS#11 feature in ssh-agent of the library, allowing an attacker to inject and execute malicious code if an agent is forwarded to an attacker-controlled system. NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

CPENameOperatorVersion
openssh:3.17eq9.1_p1-r0
openssh:3.17eq9.1_p1-r1
openssh:3.17eq9.1_p1-r3
openssh:3.17eq9.1_p1-r2
openssh:3.16eq9.0_p1-r1
openssh:3.16eq9.0_p1-r0
openssh:3.16eq9.0_p1-r3
openssh:3.16eq9.0_p1-r2
openssheq8.0p1__12.el8
openssheq5.3p1__104.el6

Name	Operator	Version
openssh:3.17	eq	9.1_p1-r0
openssh:3.17	eq	9.1_p1-r1
openssh:3.17	eq	9.1_p1-r3
openssh:3.17	eq	9.1_p1-r2
openssh:3.16	eq	9.0_p1-r1
openssh:3.16	eq	9.0_p1-r0
openssh:3.16	eq	9.0_p1-r3
openssh:3.16	eq	9.0_p1-r2
openssh	eq	8.0p1__12.el8
openssh	eq	5.3p1__104.el6

Rows per page:

1-10 of 821

References

packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html

www.openwall.com/lists/oss-security/2023/07/20/1

www.openwall.com/lists/oss-security/2023/07/20/2

www.openwall.com/lists/oss-security/2023/09/22/11

www.openwall.com/lists/oss-security/2023/09/22/9

blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8

github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d

github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca

lists.debian.org/debian-lts-announce/2023/08/msg00021.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/

lists.fedoraproject.org/archives/list/[email protected]/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/

lists.fedoraproject.org/archives/list/[email protected]/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/

news.ycombinator.com/item?id=36790196

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.16/main.yaml

secdb.alpinelinux.org/v3.17/main.yaml

security.gentoo.org/glsa/202307-01

security.netapp.com/advisory/ntap-20230803-0010/

support.apple.com/kb/HT213940

www.openssh.com/security.html

www.openssh.com/txt/release-9.3p2

www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

Remote Code Execution (RCE)

References

Related