StarlingX

[Debian] Critical CVE: CVE-2023-38408 openssh: an insufficiently trustworthy search path

Bug #2038794 reported by Yue Tao on 2023-10-09

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Triaged	High	Unassigned

Bug Description

CVE-2023-38408: https://nvd.nist.gov/vuln/detail/CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Base Score: Critical

Reference:

['openssh-client_1:8.4p1-5_amd64.deb===>openssh-client_1:8.4p1-5+deb11u2_amd64.deb', 'openssh-server_1:8.4p1-5_amd64.deb===>openssh-server_1:8.4p1-5+deb11u2_amd64.deb', 'openssh-sftp-server_1:8.4p1-5_amd64.deb===>openssh-sftp-server_1:8.4p1-5+deb11u2_amd64.deb']

Tags:

CVE References

2023-38408

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.