GoogleOSV:USN-6242-1

HistoryJul 24, 2023 - 4:38 p.m.

Vulners
/
Osv
/
openssh vulnerability

openssh vulnerability

2023-07-2416:38:57

Google

osv.dev

openssh

pkcs#11

ssh-agent

vulnerability

remote attacker

arbitrary code

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.058

Percentile

93.5%

JSON

It was discovered that OpenSSH incorrectly handled loading certain PKCS#11
providers. If a user forwarded their ssh-agent to an untrusted system, a
remote attacker could possibly use this issue to load arbitrary libraries
from the user’s system and execute arbitrary code.

References

ubuntu.com/security/CVE-2023-38408

ubuntu.com/security/notices/USN-6242-1

osv 7

openvas 31

nessus 62

cbl_mariner 2

ibm 12

redhat 23

redhatcve 1

debian 1

freebsd 2

cgr 1

qualysblog 2

almalinux 2

oraclelinux 5

rosalinux 2

fedora 2

freebsd_advisory 1

centos 1

rocky 1

cloudlinux 1

ubuntu 2

githubexploit 4

wolfi 1

slackware 1

cloudfoundry 1

redos 1

aix 1

f5 1

debiancve 1

cvelist 1

amazon 2

ubuntucve 1

broadcom 1

alpinelinux 1

thn 1

nvd 1

cve 1

prion 1

veracode 1

gentoo 1

photon 3

packetstorm 1

mageia 1

apple 1

hp 1

oracle 1

ics 1

osv

Important: openssh security update

2023-08-01 00:00:00

CGA-wfw4-m8r2-5q9c

2024-06-06 12:29:45

openssh - security update

2023-08-17 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2023:2950-1)

2023-07-25 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:2946-1)

2023-07-25 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:2945-1)

2023-07-25 00:00:00

nessus

Photon OS 5.0: Openssh PHSA-2023-5.0-0057

2024-07-23 00:00:00

Photon OS 4.0: Openssh PHSA-2023-4.0-0440

2024-07-24 00:00:00

RHEL 7 : openssh (RHSA-2023:4382)

2023-08-01 00:00:00

cbl_mariner

CVE-2023-38408 affecting package openssh for versions less than 8.9p1-1

2023-08-10 16:37:57

CVE-2023-38408 affecting package openssh 8.9p1-2

2023-08-15 16:37:27

ibm

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish)[CVE-2023-38408]

2023-09-11 11:31:09

Security Bulletin: IBM Security Guardium is affected by an OpenSSH vulnerability (CVE-2023-38408)

2023-10-26 17:46:14

Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)

2023-08-23 15:29:54

redhat

(RHSA-2023:4329) Important: openssh security update

2023-07-31 08:48:46

(RHSA-2023:4383) Important: openssh security update

2023-08-01 09:05:07

(RHSA-2023:4384) Important: openssh security update

2023-08-01 09:06:31

redhatcve

CVE-2023-38408

2023-07-20 07:17:39

debian

[SECURITY] [DLA 3532-1] openssh security update

2023-08-17 01:17:24

freebsd

FreeBSD -- Potential remote code execution via ssh-agent forwarding

2023-08-01 00:00:00

OpenSSH -- remote code execution via a forwarded agent socket

2023-07-19 00:00:00

cgr

CVE-2023-38408 vulnerabilities

2024-05-19 03:07:16

qualysblog

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

2023-07-19 15:53:27

Oracle Patch Tuesday, October 2023 Security Update Review

2023-10-18 17:11:20

almalinux

Important: openssh security update

2023-08-01 00:00:00

Important: openssh security update

2023-08-01 00:00:00

oraclelinux

openssh security update

2023-08-10 00:00:00

openssh security update

2023-08-02 00:00:00

openssh security update

2023-08-02 00:00:00

rosalinux

Advisory ROSA-SA-2023-2222

2023-08-29 11:57:56

Advisory ROSA-SA-2023-2229

2023-09-05 09:40:26

fedora

[SECURITY] Fedora 37 Update: openssh-8.8p1-11.fc37

2023-07-28 01:40:23

[SECURITY] Fedora 38 Update: openssh-9.0p1-16.fc38

2023-07-23 01:30:52

freebsd_advisory

FreeBSD-SA-23:08.ssh

2023-08-01 00:00:00

centos

openssh, pam_ssh_agent_auth security update

2024-01-12 19:29:35

rocky

openssh security update

2023-08-08 12:34:30

cloudlinux

openssh: Fix of CVE-2023-38408

2023-08-09 10:29:03

ubuntu

OpenSSH vulnerability

2023-07-31 00:00:00

OpenSSH vulnerability

2023-07-24 00:00:00

githubexploit

Exploit for Unquoted Search Path or Element in Openbsd Openssh

2023-07-21 01:53:10

Exploit for Unquoted Search Path or Element in Openbsd Openssh

2023-11-09 04:34:39

Exploit for Allocation of Resources Without Limits or Throttling in Discourse

2023-08-09 19:56:07

wolfi

CVE-2023-38408 vulnerabilities

2024-09-19 09:11:50

slackware

[slackware-security] openssh

2023-07-19 20:41:55

cloudfoundry

USN-6242-1: OpenSSH vulnerability | Cloud Foundry

2023-08-10 00:00:00

redos

ROS-20240212-01

2024-02-12 00:00:00

aix

AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH

2023-08-23 08:36:37

K000135709 : OpenSSH vulnerability CVE-2023-38408

2023-08-02 00:00:00

debiancve

CVE-2023-38408

2023-07-20 03:15:10

cvelist

CVE-2023-38408

2023-07-20 00:00:00

amazon

Important: openssh

2023-08-03 18:09:00

Important: openssh

2023-08-17 11:39:00

ubuntucve

CVE-2023-38408

2023-07-19 00:00:00

broadcom

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)

2023-11-07 00:00:00

alpinelinux

CVE-2023-38408

2023-07-20 03:15:10

thn

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

2023-07-24 09:10:00

nvd

CVE-2023-38408

2023-07-20 03:15:10

cve

CVE-2023-38408

2023-07-20 03:15:10

prion

Remote code execution

2023-07-20 03:15:00

veracode

Remote Code Execution (RCE)

2023-07-20 11:22:49

gentoo

OpenSSH: Remote Code Execution

2023-07-20 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0628

2023-08-05 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0057

2023-07-26 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0440

2023-07-29 00:00:00

packetstorm

OpenSSH Forwarded SSH-Agent Remote Code Execution

2023-07-20 00:00:00

mageia

Updated openssh packages fix security vulnerabilities

2024-01-15 01:23:43

apple

About the security content of macOS Sonoma 14

2023-09-26 00:00:00

HP ThinPro 8.0 SP 8 Security Updates

2024-03-01 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.058

Percentile

93.5%

JSON

Related for OSV:USN-6242-1