vulnerability

Amazon Linux 2023: CVE-2023-38408: Important priority package update for openssh

Try Surface Command
Back to search
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 19, 2023
Added
Feb 17, 2025
Modified
Feb 17, 2025

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.

Solution(s)

amazon-linux-2023-upgrade-opensshamazon-linux-2023-upgrade-openssh-clientsamazon-linux-2023-upgrade-openssh-clients-debuginfoamazon-linux-2023-upgrade-openssh-debuginfoamazon-linux-2023-upgrade-openssh-debugsourceamazon-linux-2023-upgrade-openssh-keycatamazon-linux-2023-upgrade-openssh-keycat-debuginfoamazon-linux-2023-upgrade-openssh-serveramazon-linux-2023-upgrade-openssh-server-debuginfoamazon-linux-2023-upgrade-pam-ssh-agent-authamazon-linux-2023-upgrade-pam-ssh-agent-auth-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today