OpenSSH 9.3p2 with security fix (www.openssh.com)

submitted 1 year ago* (last edited 1 year ago) by tedu@az1.azorius.net to c/cybersecurity@infosec.pub

0 comments fedilink hide all child comments

Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met:

Exploitation requires the presence of specific libraries on the victim system.
Remote exploitation requires that the agent was forwarded to an attacker-controlled system.

In addition to removing the main precondition for exploitation, this release removes the ability for remote ssh-agent(1) clients to load PKCS#11 modules by default (see below).

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 19 Jul 2023

10 points (100.0% liked)

cybersecurity

3227 readers

3 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub