CVE-2023-51385

Published: 18/12/2023 Updated: 13/03/2024
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In ssh in OpenSSH prior to 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Vulnerable Product

openbsd openssh

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Synopsis: Moderate: openssh security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security h ...
Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617: It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandU ...
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name (CVE-2023-51385) ...
Description: A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens (e.g., %u, %h) with user names or host names that contain shell metacharacters. ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page. Apple security documents reference vulnerabilities by CVE-ID whe ...
PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-03-07-2024-2 macOS Sonoma 144. From: Apple Product Sec ...
oss-sec mailing list archives: CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling ...

Github Repositories

A verification of CVE-2023-51385

Verifying CVE-2023-51385. First, add the following to ~/.ssh/config: host *examplecom ProxyCommand /usr/bin/nc -X connect -x 192020:8080 %h %p The statement in the .gitmodules file contains a command injection: url = ssh://`echo helloworld > cvetxt`fooexamplecom/bar Once configured, run the following command

Exploit for CVE-2023-51385

CVE-2023-51385 Exploit for CVE-2023-51385

openssh-server-gael This is NOT an original piece of work, just a snap of OpenSSH server. The SSH2 protocol implemented in OpenSSH is standardized by the IETF secsh working group and is specified in several RFCs and drafts. The overall structure of SSH2 is described in the architecture RFC. Installation: sudo snap install openssh-server-gael_89_amd64snap --devmode First use R

A verification of CVE-2023-51385

Verifying CVE-2023-51385. First, add the following to ~/.ssh/config: host *examplecom ProxyCommand /usr/bin/nc -X connect -x 192020:8080 %h %p The statement in the .gitmodules file contains a command injection: url = ssh://`echo helloworld > cvetxt`fooexamplecom/bar Once configured, run the following command to trigger it: gi

A verification of CVE-2023-51385

## Verifying CVE-2023-51385 ### First, add the following to ~/.ssh/config: host *examplecom ProxyCommand /usr/bin/nc -X connect -x 192020:8080 %h %p The statement in the .gitmodules file contains a command injection: url = ssh://`echo helloworld > cvetxt`fooexamplecom/bar Once configured, run the following

CVE-2023-51385; OpenSSH ProxyCommand RCE; OpenSSH <9.6 command injection vulnerability PoC

CVE-2023-51385 poc OpenSSH ProxyCommand RCE poc OpenSSH <9.6 command injection vulnerability poc Chinese

CVE-2023-51385 test PoC

CVE-2023-51385_TT CVE-2023-51385 test PoC

CVE-2023-51385 PoC Exploit

CVE-2023-51385 CVE-2023-51385 PoC Exploit

OpenSSH ProxyCommand RCE

CVE-2023-51385 OpenSSH ProxyCommand RCE. When your ProxyCommand is configured as follows: Host *com ProxyCommand /usr/bin/nc -X connect -x 127001:7890 %h %p Use the following command for proof of concept: git clone githubcom/Le1a/CVE-2023-51385 --recurse-submodules
