Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation. [CVE-2023-51385]

Summary

OpenSSH used by IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below.

Vulnerability Details

CVEID:CVE-2023-51385
**DESCRIPTION:**OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of shell metacharacters. By sending a specially crafted request using expansion tokens, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275402 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

The issue can be addressed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i 5733-SC1 PTF numbers resolve the vulnerability.

IBM i Release| 5733-SC1
PTF Number| PTF Download Link
—|—|—
7.5| SI85935| <https://www.ibm.com/support/pages/ptf/SI85935&gt;
7.4| SI85948| <https://www.ibm.com/support/pages/ptf/SI85948&gt;
7.3| SI85948| <https://www.ibm.com/support/pages/ptf/SI85948&gt;
7.2| SI85948| <https://www.ibm.com/support/pages/ptf/SI85948&gt;

Workarounds and Mitigations

None.