CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling

Hi,

This was previously announced as mitigated in OpenSSH 9.6:

https://www.openwall.com/lists/oss-security/2023/12/18/2

and is now known as CVE-2023-51385 described as follows:

The corresponding libssh issue got assigned CVE-2023-6004, with their
advisory here:

https://www.libssh.org/security/advisories/CVE-2023-6004.txt

and quoted below:

Incidentally, NIST NVD's current CVSS 3.1 score for OpenSSH's
CVE-2023-51385 is a ridiculous 9.8.  Quite usual for CVSS and NVD.

There's a blog post on exploitation via git submodules and on
"Vulnerable usage out in the wild" here:

https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html

Alexander