Severity: Unknown
Affected Package: openssh
Summary: OpenSSH ssh-agent insecure search path
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE this issue exists because of an incomplete fix for CVE-2016-10009.
Specific versions:
No specific recommendations provided.
Aliases: CVE-2023-38408
Published: December 27, 2023
Last Modified: December 27, 2023