CVE-2023-38408

by Fred · 19/07/2023

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Date published : 2023-07-19

https://www.openssh.com/security.html

https://www.openssh.com/txt/release-9.3p2

CVE-2023-38408

Similar

Recent Posts

Categories

CVE-2023-38408

Share this:

Similar

Recent Posts

Categories

Tags