Vulnerabilities in OpenSSH before 9.3p2 - 20230724002
Overview
The WA SOC has observed a vulnerability in the PKCS#11 feature of ssh-agent in OpenSSH before 9.3p2: the feature has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.
What is the vulnerability?
Specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met:
- Exploitation requires the presence of specific libraries on the victim system.
- Remote exploitation requires that the agent was forwarded to an attacker-controlled system.
What is vulnerable?
The vulnerability affects the following products:
- Versions of OpenSSH before 9.3p2
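A triage sketch for the two conditions above, added here as an example and not part of the WA SOC advisory: it classifies an `ssh -V` banner from the machine that runs ssh-agent against the 9.3p2 cut-off, and reads `ssh -G <host>` output to see whether the agent would be forwarded. The function names, sample banners and host name are constructed for illustration, and the check compares upstream version numbers only, so a distribution package that backports the fix under an older version string will still show as affected.

```shell
#!/bin/sh
# Added example (not from the advisory): triage against "OpenSSH before 9.3p2".

# Print affected / not-affected / unknown for an `ssh -V` style banner.
# Compares the upstream version only; vendor backports are not detected.
classify_openssh() {
    ver=$(printf '%s\n' "$1" |
        sed -nE 's/.*OpenSSH_([0-9]+)\.([0-9]+)(p([0-9]+))?.*/\1 \2 \4/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    # Word-split "MAJOR MINOR [PATCH]" into positional parameters.
    set -- $ver
    major=$1 minor=$2 patch=${3:-0}
    # Numeric comparison, so 10.0 correctly ranks above 9.3.
    if [ "$major" -lt 9 ] ||
       { [ "$major" -eq 9 ] && [ "$minor" -lt 3 ]; } ||
       { [ "$major" -eq 9 ] && [ "$minor" -eq 3 ] && [ "$patch" -lt 2 ]; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Read `ssh -G <host>` output on stdin; print yes if the agent would be forwarded.
# ForwardAgent may be yes, no, or a socket path / $VARIABLE: anything but "no" counts.
agent_forwarded() {
    awk 'tolower($1) == "forwardagent" { v = tolower($2) }
         END { if (v == "" || v == "no") print "no"; else print "yes" }'
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    'OpenSSH_9.3p1, OpenSSL 3.0.9' \
    'OpenSSH_9.3p2, OpenSSL 3.0.9' \
    'OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2' \
    'OpenSSH_10.0p2, OpenSSL 3.5.0'
do
    printf '%-50s %s\n' "$banner" "$(classify_openssh "$banner")"
done

# Constructed `ssh -G` excerpt for a hypothetical host entry.
printf 'hostname jump.example.internal\nforwardagent yes\n' | agent_forwarded
```

On a real workstation, feed it live data with `classify_openssh "$(ssh -V 2>&1)"` and `ssh -G <host> | agent_forwarded`.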
Recommendation
The WA SOC recommends that administrators update OpenSSH to the latest version within an expected timeframe of one month... (refer to Patch Management).