New Vulnerability for OpenSSH: CVE-2023-38408

Does your company use OpenSSH? If so, read on …

OpenSSH is a program that implements the SSH protocol and allows for remote login and remote execution. A common tool in OpenSSH is ssh-keygen, which allows for the generation of RSA, DSA and elliptic-curve keys. These can then be used for user and host authentication, such as for GitHub login and cloud instance login:

https://asecuritysite.com/openssh

SSH-agent

It is now reported that there is a new vulnerability (CVE-2023-38408) in OpenSSH which allows remote code execution in relation to SSH’s forwarding feature for PKCS#11 providers (those which deal with cryptographic objects such as digital certificates and encryption keys). This relates to the SSH-agent, which stores keys for users so that they do not have to re-enter their passwords on a continual basis.

The vulnerability allows the SSH-agent to load and unload shared libraries in /usr/lib*. Although the libraries in /usr/lib* are fairly safe and contain mainly genuine distribution packages, some of them can act in a different way when loaded into the secure SSH-agent environment, which can allow remote code execution.

More details here:

Conclusions

To fix this, upgrade to OpenSSH 9.3p2 or later, and restrict PKCS#11 providers to those that are fully trusted. Now, go and learn about OpenSSH:

https://asecuritysite.com/openssh
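
A triage sketch for the two points above (the fixed release and the forwarding feature), added here as an example and not taken from the original post or from OpenSSH. It assumes the forwarding in question is ssh-agent forwarding, which ssh_config controls with the `ForwardAgent` keyword; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage for CVE-2023-38408.

# is_pre_9_3p2 BANNER -> 0 if the "ssh -V" banner is older than 9.3p2,
# 1 if it is 9.3p2 or later, 2 if the banner cannot be parsed.
# Distributions backport fixes, so confirm a hit against the vendor advisory.
is_pre_9_3p2() {
    ver=$(printf '%s\n' "$1" | sed -n \
        's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(p\([0-9][0-9]*\)\)\{0,1\}.*/\1 \2 \4/p')
    [ -n "$ver" ] || return 2
    set -- $ver                      # split "major minor patch" into $1 $2 $3
    major=$1; minor=$2; patch=${3:-0}
    [ "$major" -ne 9 ] && { [ "$major" -lt 9 ]; return; }
    [ "$minor" -ne 3 ] && { [ "$minor" -lt 3 ]; return; }
    [ "$patch" -lt 2 ]
}

# forwarding_lines: read ssh_config text on stdin and print "N: line" for
# every line that turns agent forwarding on. Keywords are case-insensitive
# and may use "=" as the separator; any value other than "no" is reported.
forwarding_lines() {
    awk '{ sub(/^[ \t]+/, ""); line = $0; gsub(/=/, " ") }
         tolower($1) == "forwardagent" && tolower($2) != "no" { print NR ": " line }'
}

# Constructed sample inputs (not taken from real hosts).
SAMPLE_CONFIG='Host bastion
    ForwardAgent yes
Host *
    forwardagent=no'

for banner in 'OpenSSH_9.3p1 Ubuntu-1ubuntu3, OpenSSL 3.0.8 7 Feb 2023' \
              'OpenSSH_9.3p2, OpenSSL 3.1.1 30 May 2023'; do
    if is_pre_9_3p2 "$banner"; then
        echo "UPGRADE: $banner"
    else
        echo "ok:      $banner"
    fi
done
printf '%s\n' "$SAMPLE_CONFIG" | forwarding_lines
```

On a real host, pass the output of `ssh -V 2>&1` (the banner is written to stderr) to `is_pre_9_3p2` and pipe `~/.ssh/config` into `forwarding_lines`.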