exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

CVE-2023-38408

Status Candidate

Overview

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Related Files

OpenSSH 9.6p1
Posted Dec 21, 2023
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This release contains fixes for a newly-discovered weakness in the SSH transport protocol, a logic error relating to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for programs that invoke ssh(1) with user or hostnames containing invalid characters. Included are three security changes, five new features, nine bug fixes, and various other updates.
tags | tool, encryption
systems | linux, unix, openbsd
advisories | CVE-2023-38408
SHA-256 | 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c
Red Hat Security Advisory 2023-5103-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-2828, CVE-2023-3089, CVE-2023-38408, CVE-2023-3899
SHA-256 | ff86c5fcb20d801641ee0a943d716618abfc792dd089f942079ae10795581374
Red Hat Security Advisory 2023-5029-01
Posted Sep 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5029-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-2828, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-32681, CVE-2023-34969, CVE-2023-38408, CVE-2023-3899, CVE-2023-40029, CVE-2023-40584
SHA-256 | c0291459c882477e013eaea14c0f82d0a59d74dddca3fd7408915b71c5865c3f
Red Hat Security Advisory 2023-4982-01
Posted Sep 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-32681, CVE-2023-34969, CVE-2023-38408
SHA-256 | b9023400cec5412855af688ab8ee78059b127eabc4f5cf42938b74354d4cde03
Red Hat Security Advisory 2023-4893-01
Posted Aug 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-48281, CVE-2023-1667, CVE-2023-2283, CVE-2023-24532, CVE-2023-26604, CVE-2023-2828, CVE-2023-34969, CVE-2023-38408
SHA-256 | f11e31090cc28a228765523fb483ea854fa2ab2b6954f304533ceb4fbfabf6fb
Red Hat Security Advisory 2023-4889-01
Posted Aug 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-38408
SHA-256 | 903adfa69d078e0a5ec7e59ab81c4797891534ed0e68348a9ada32b2fb46db1d
Red Hat Security Advisory 2023-4654-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-3089, CVE-2023-32681, CVE-2023-34969, CVE-2023-37903, CVE-2023-38408
SHA-256 | f65b71e2d93a61d8fd6e9baa0836136297d958349bf5dfab6550b04986c6a67b
Red Hat Security Advisory 2023-4575-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4575-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089, CVE-2023-38408
SHA-256 | a98593a8060ade811648ba5d5dd712824690b84a705e28c8fe1981b12209ee79
Red Hat Security Advisory 2023-4576-01
Posted Aug 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4576-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-35252, CVE-2022-36227, CVE-2022-43552, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-27535, CVE-2023-3089, CVE-2023-38408
SHA-256 | b9b138ef5ed2017d1d6071fb95c69743b0800e58f2f41055d4d6bcb0d2caee06
Red Hat Security Advisory 2023-4456-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

tags | advisory, add administrator
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-45869, CVE-2023-0458, CVE-2023-1998, CVE-2023-22652, CVE-2023-28321, CVE-2023-28322, CVE-2023-28484, CVE-2023-29469, CVE-2023-3089, CVE-2023-3090, CVE-2023-32681, CVE-2023-35788, CVE-2023-38408
SHA-256 | b0a498344d09cd12609bee557f305594f2cff6126e3cae1cdc620fc9159bf3ec
Red Hat Security Advisory 2023-4428-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | bc3df1cb11c658997a4d64a8ffda1102f043e934c48f886a4622aac3741aa507
Red Hat Security Advisory 2023-4413-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | e2a2301284a738ee2387542218657bcb1c169a8dd1434d4f0228d2c8ac69c635
Red Hat Security Advisory 2023-4419-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | a4939b13454be5d41b1e1a7216fe8b32fcaf8a6da92838eca67c17e8d22f0e86
Ubuntu Security Notice USN-6242-2
Posted Aug 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-38408
SHA-256 | fb3b87a987324313bce3c73932307702f8e60575e6a91b8babad2eb73b470d39
Red Hat Security Advisory 2023-4383-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4383-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | 5f400121406abe3e769ee4a1e792a5cbb01afedc9b2ed6fd03c4dc8af8217f5f
Red Hat Security Advisory 2023-4384-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4384-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | ab10182fb7bfd0df6d2c00fc1f88bdde59c33ff7c7c459a64aa8913f97142038
Red Hat Security Advisory 2023-4382-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4382-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | 940ebd3d9abadafbebd8e95d2d3dd51400f0f158f171a4ffa460ff1e98902a6e
Red Hat Security Advisory 2023-4381-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4381-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | 765a9b39aae28ac364b664a1d2ac268ef99439c011b58cd79be5f4798f946423
Red Hat Security Advisory 2023-4412-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4412-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | b3f34b39cc5cd00ac2f0318b287a728ad6c9e7df86d65aa0889a715e1a605d2f
Red Hat Security Advisory 2023-4329-01
Posted Jul 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4329-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat, unix
advisories | CVE-2023-38408
SHA-256 | 3fbb5077ab0bb19d87b6c8dc2253460979a2750fd27e22540bb29c8aada46e84
Ubuntu Security Notice USN-6242-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-38408
SHA-256 | fdcfbae1f5c8e13e234b05f8f69b7089d4be15d583f61718c883176d63f0c044
OpenSSH Forwarded SSH-Agent Remote Code Execution
Posted Jul 20, 2023
Authored by Qualys Security Advisory

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

tags | exploit, remote, code execution
advisories | CVE-2023-38408
SHA-256 | e93ab81da334d2b2c5f8f662d87f396041e5e366d8b286e3907b5cb137de0e8e
Gentoo Linux Security Advisory 202307-01
Posted Jul 20, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202307-1 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution. Versions less than 9.3_p2 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-25136, CVE-2023-28531, CVE-2023-38408
SHA-256 | e6bacec3063ea2cc3f27ebc72032e82e64d71502347e717441dac3017857897d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close