CVE-2023-38408

Published: 20/07/2023 Updated: 04/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The PKCS#11 feature in ssh-agent in OpenSSH prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Vulnerable Product

openbsd openssh

openbsd openssh 9.3

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1042460 openssh-client: ssh-agent CVE-2023-38408 Package: openssh-client; Maintainer for openssh-client is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Source for openssh-client is src:openssh (PTS, buildd, popcon) Reported by: Matija Nalis <mnalis-debianbug@voyagerhr> Date: Fr ...
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). Exploitation can also be prevented by starting ssh-agent with ...
Synopsis: Critical: Red Hat Advanced Cluster Management 281 security and bug fix updates. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 281 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat Enterpr ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Critical: Multicluster Engine for Kubernetes 227 security updates and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 227 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critic ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rat ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1712 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 1712 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 90 Extended Update Support. Red Hat Product Security has rate ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 86 Extended Update Support. Red Hat Product Security has rate ...
Synopsis: Important: Migration Toolkit for Applications security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Migration Toolkit for Applications 621 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Tel ...
Synopsis: Important: openssh security update. Type/Severity: Security Advisory: Important. Topic: An update for openssh is now available for Red Hat Enterprise Linux 81 Update Services for SAP Solutions. Red Hat Product Securit ...
Synopsis: Moderate: OpenShift Virtualization 4126 Images. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Virtualization release 4126 is now available with updates to packages and images that fix several bugs and add enhancements. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red ...
Synopsis: Critical: Red Hat OpenShift GitOps security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift GitOps 19. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Synopsis: Moderate: VolSync 054 security fixes and enhancements. Type/Severity: Security Advisory: Moderate. Topic: VolSync v054 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...
Synopsis: Moderate: OpenShift Container Platform 4138 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4138 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Con ...
Synopsis: Critical: Red Hat Advanced Cluster Management 277 security and bug fix updates. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 277 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security i ...
Synopsis: Critical: Multicluster Engine for Kubernetes 218 security updates and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 218 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critica ...
Synopsis: Important: DevWorkspace Operator 022 release. Type/Severity: Security Advisory: Important. Topic: Red Hat DevWorkspace Operator 022 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Synopsis: Moderate: VolSync 063 security fixes and enhancements. Type/Severity: Security Advisory: Moderate. Topic: VolSync v063 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Synopsis: Important: Red Hat OpenShift Pipelines 1106 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Pipelines 1106 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...
PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION ...

Exploits

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system ...

Github Repositories

PoC for the recent critical vuln affecting OpenSSH versions < 9.3p2

CVE-2023-38408: PoC for the recent critical vuln affecting OpenSSH versions < 9.3p2. Designed to work seamlessly with TryHackMe's free access lab environment covering this vuln: tryhackme.com/room/cve202338408

List of some technology related stuff

This repository contains a list of references Content Research AI Blockchain Security Data ACM System Design Interview Preparation Linkedin CPP Golang Java, Scala Python Django Linux DevOps Cloud Serialization Frameworks Vim Regex Testing Video Conferencing Stack Agile Tech Blogs Books Awesome Github Best Practices Github Tutorials Github Cheatsheets Github Checklists Github

CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent

Reference / info: https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

tryhame rooms walkthrough

tryhackme # ctf # ctf writeup tryhame rooms YouTube videos walkthrough this collection of scripts I used on some TryHackMe rooms YouTube video for Mother's Secret youtube/RLesJdXA7HI YouTube video for Expose youtube/lDGY3hcpPzs YouTube video for Advanced Static Analysis youtube/kujzZ42ztfo YouTube video for Lesson Learned? youtube/tf

ssh

MagiskSSH: This is an SSH server running as root using the great Magisk systemless root suite. It includes binaries for arm, arm64, x86, x86_64. However, only arm64 has been tested at all. It requires Android API version 24 or higher (Android 7.0 Nougat and higher). Included software: OpenSSL 310 (only needed for its libcrypto), OpenSSH 9.3p2, Rsync 327, Magisk Module Installer

Takeover Account OpenSSH

OpenSSH Vulnerability - CVE-2023-38408. Introduction: A vulnerability was found in OpenSSH (before 9.3p2 version). The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). T

title: Information Systems Security - CVE 2023-38408. Analysis and exploitation of CVE-2023-3460. CVE ID, CVSS Score, Discovered, Affected Plugin, Vulnerability Type: CVE-2023-3460, 07/04/2023, Ultimate Member, Unauthorized Admin Access. Contents: Introduction, General mechanism of the vulnerability, Mécanisme de ge

References

CWE-428
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
https://www.openssh.com/txt/release-9.3p2
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
https://news.ycombinator.com/item?id=36790196
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
https://www.openssh.com/security.html
https://security.gentoo.org/glsa/202307-01
http://www.openwall.com/lists/oss-security/2023/07/20/1
http://www.openwall.com/lists/oss-security/2023/07/20/2
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
https://security.netapp.com/advisory/ntap-20230803-0010/
https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
http://www.openwall.com/lists/oss-security/2023/09/22/9
http://www.openwall.com/lists/oss-security/2023/09/22/11
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
https://support.apple.com/kb/HT213940
https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460
https://nvd.nist.gov
https://github.com/kali-mx/CVE-2023-38498
https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
https://alas.aws.amazon.com/AL2/ALAS-2023-2176.html