Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Related bugs and status

CVE-2023-38408 (Candidate) is related to these bugs:

Bug #1966886: ssh-copy-id and Dropbear Server

Summary				In	Importance	Status
	1966886	ssh-copy-id and Dropbear Server		openssh (Ubuntu)	Low	Fix Released

Bug #2038794: [Debian] Critical CVE: CVE-2023-38408 openssh: an insufficiently trustworthy search path

Summary				In	Importance	Status
	2038794	[Debian] Critical CVE: CVE-2023-38408 openssh: an insufficiently trustworthy search path		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.openssh.co...
CONFIRM: https://www.openssh.co...
GENTOO: GLSA-202307-01
MISC: https://blog.qualys.co...
MISC: https://github.com/ope...
MISC: https://github.com/ope...
MISC: https://github.com/ope...
MISC: https://news.ycombinat...
MISC: https://www.qualys.com...
MISC: http://packetstormsecu...
MLIST: [oss-security] 2023071...
MLIST: [oss-security] 2023072...
FEDORA: FEDORA-2023-878e04f4ae
FEDORA: FEDORA-2023-79a18e1725
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
MLIST: [oss-security] 2023092...
MLIST: [oss-security] 2023092...
CONFIRM: https://support.apple....
MISC: https://www.vicarius.i...