Remote Code Execution in OpenSSH's forwarded ssh-agent
It impacts all versions of OpenSSH before 9.3p2.
"While browsing through ssh-agent's source code, we noticed that a remote attacker, who has access to the remote server where Alice's ssh-agent is forwarded to, can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib* on Alice's workstation (via her forwarded ssh-agent, if it is compiled with ENABLE_PKCS11, which is the default)," Qualys explained.
CVE-2023-38408
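A quick exposure check built from the two conditions stated above (an OpenSSH version before 9.3p2, and an ssh-agent that is forwarded to remote hosts). This is an added example, not code from Qualys or the OpenSSH project; the function names and sample inputs are constructed for illustration. It assumes the version banner is trustworthy, which does not hold for distribution packages that backport the fix without changing the version string, and it does not follow `Include` directives or account for `ssh -A` on the command line.

```python
import re

FIXED = (9, 3, 0, 2)  # 9.3p2: per the text above, earlier versions are impacted
_VER = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")

def parse_openssh_version(banner):
    """Return (major, minor, micro, portable) from `ssh -V` style output."""
    m = _VER.search(banner)
    if not m:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected_version(banner):
    return parse_openssh_version(banner) < FIXED

def forwarding_blocks(config_text):
    """Return the Host/Match blocks that set ForwardAgent to anything but 'no'."""
    block, hits = "(global)", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Key value" and "Key=value"; keywords are case-insensitive
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key in ("host", "match"):
            block = f"{parts[0]} {value}"
        elif key == "forwardagent" and value.lower() != "no":
            hits.append(block)  # yes, a socket path, or $VAR all enable forwarding
    return hits

# Constructed sample inputs (not taken from the page)
SAMPLE_BANNER = "OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023"
SAMPLE_CONFIG = """
# constructed ~/.ssh/config
ForwardAgent no
Host jump.example.net
    ForwardAgent yes
Host build-*
    ForwardAgent=$SSH_AUTH_SOCK
Host *
    ForwardAgent no
"""

if __name__ == "__main__":
    print("affected version:", is_affected_version(SAMPLE_BANNER))
    for b in forwarding_blocks(SAMPLE_CONFIG):
        print("agent forwarding enabled in:", b)
```

Feed it the real output of `ssh -V` and the contents of `~/.ssh/config` and `/etc/ssh/ssh_config` from the workstation where the agent runs, since that is the side whose libraries get loaded.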
archive.is
snowcra5h/CVE-2023-38408: CVE-2023-38408 Remote Code Execution in Ope…
archived 24 Jul 2023 22:38:00 UTC