The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-20T00:00:00
Updated: 2024-04-04T05:50:59.479313
Reserved: 2023-07-17T00:00:00
Link: CVE-2023-38408
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-20T03:15:10.170
Modified: 2024-04-04T06:15:08.430
Link: CVE-2023-38408
JSON object: View
Redhat Information
No data.
CWE