MNBSD-2023-9: OpenSSH ssh-agent insecure search path

Severity: Unknown

Affected Package: openssh

Summary: OpenSSH ssh-agent insecure search path

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE this issue exists because of an incomplete fix for CVE-2016-10009.

Affected Versions

openssh

Specific versions:

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4

Recommendations

No specific recommendations provided.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-38408
https://nvd.nist.gov/vuln/detail/CVE-2016-10009

Additional Information

Aliases: CVE-2023-38408

Published: December 27, 2023
Last Modified: December 27, 2023