Bugzilla – Bug 1213504
EMU: VUL-0: CVE-2023-38408: openssh: Remote Code Execution in OpenSSH's forwarded ssh-agent
Last modified: 2024-07-03 07:59:50 UTC
CVE-2023-38408 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38408 https://bugs.chromium.org/p/project-zero/issues/detail?id=1009 https://bugs.chromium.org/p/project-zero/issues/detail?id=2266 https://www.cve.org/CVERecord?id=CVE-2023-38408 http://www.openwall.com/lists/oss-security/2023/07/19/9 https://seclists.org/oss-sec/2023/q3/49 https://www.openssh.com/security.html https://www.qualys.com/research/security-advisories/ https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca https://news.ycombinator.com/item?id=36790196 https://security.gentoo.org/glsa/202307-01 https://www.openssh.com/txt/release-9.3p2 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
I fear all maintained codestreams are affected: - SUSE:ALP:Source:Standard:1.0 - SUSE:SLE-12-SP2:Update - SUSE:SLE-12-SP4:Update - SUSE:SLE-12-SP5:Update - SUSE:SLE-15-SP1:Update - SUSE:SLE-15-SP2:Update - SUSE:SLE-15-SP3:Update - SUSE:SLE-15:Update
Thanks Marcus. SUSE:SLE-11-SP4:Update is also affected.
This is an autogenerated message for OBS integration: This bug (1213504) was mentioned in https://build.opensuse.org/request/show/1099856 Factory / openssh
SUSE-SU-2023:2950-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1213504 CVE References: CVE-2023-38408 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): openssh-7.2p2-81.4.2, openssh-askpass-gnome-7.2p2-81.4.2 SUSE Linux Enterprise Server 12 SP5 (src): openssh-7.2p2-81.4.2, openssh-askpass-gnome-7.2p2-81.4.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): openssh-7.2p2-81.4.2, openssh-askpass-gnome-7.2p2-81.4.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2947-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1213504 CVE References: CVE-2023-38408 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): openssh-askpass-gnome-7.9p1-150100.6.31.1, openssh-7.9p1-150100.6.31.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): openssh-askpass-gnome-7.9p1-150100.6.31.1, openssh-7.9p1-150100.6.31.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): openssh-askpass-gnome-7.9p1-150100.6.31.1, openssh-7.9p1-150100.6.31.1 SUSE CaaS Platform 4.0 (src): openssh-askpass-gnome-7.9p1-150100.6.31.1, openssh-7.9p1-150100.6.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2946-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1213504 CVE References: CVE-2023-38408 Sources used: SUSE Enterprise Storage 7 (src): openssh-askpass-gnome-8.1p1-150200.5.37.1, openssh-8.1p1-150200.5.37.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): openssh-askpass-gnome-8.1p1-150200.5.37.1, openssh-8.1p1-150200.5.37.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): openssh-askpass-gnome-8.1p1-150200.5.37.1, openssh-8.1p1-150200.5.37.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): openssh-askpass-gnome-8.1p1-150200.5.37.1, openssh-8.1p1-150200.5.37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2940-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1213504 CVE References: CVE-2023-38408 Sources used: SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): openssh-7.2p2-74.63.1, openssh-askpass-gnome-7.2p2-74.63.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2945-1: An update that solves one vulnerability and has four fixes can now be installed. Category: security (important) Bug References: 1186673, 1209536, 1213004, 1213008, 1213504 CVE References: CVE-2023-38408 Sources used: openSUSE Leap Micro 5.3 (src): openssh-8.4p1-150300.3.22.1 openSUSE Leap 15.4 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 openSUSE Leap 15.5 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): openssh-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro 5.3 (src): openssh-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): openssh-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro 5.4 (src): openssh-8.4p1-150300.3.22.1 Basesystem Module 15-SP4 (src): openssh-8.4p1-150300.3.22.1 Basesystem Module 15-SP5 (src): openssh-8.4p1-150300.3.22.1 Desktop Applications Module 15-SP4 (src): openssh-askpass-gnome-8.4p1-150300.3.22.1 Desktop Applications Module 15-SP5 (src): openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise Real Time 15 SP3 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Manager Proxy 4.2 (src): openssh-8.4p1-150300.3.22.1 SUSE Manager Retail Branch Server 4.2 (src): openssh-8.4p1-150300.3.22.1 SUSE Manager Server 4.2 (src): openssh-8.4p1-150300.3.22.1 SUSE Enterprise Storage 7.1 (src): openssh-8.4p1-150300.3.22.1, openssh-askpass-gnome-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro 5.1 (src): openssh-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro 5.2 (src): openssh-8.4p1-150300.3.22.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): openssh-8.4p1-150300.3.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
*** Bug 1213536 has been marked as a duplicate of this bug. ***