FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Potential remote code execution via ssh-agent forwarding

Affected packages
13.2 <= FreeBSD < 13.2_2
13.1 <= FreeBSD < 13.1_9
12.4 <= FreeBSD < 12.4_4
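
A version check against the ranges above, added here as an example and not part of the VuXML entry or the FreeBSD advisory. It assumes that the VuXML form 13.2_2 corresponds to 13.2-RELEASE-p2 as printed by freebsd-version; the function name vuxml_status is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a FreeBSD userland version
# string against the affected ranges listed in this VuXML entry.
# Assumption: VuXML "13.2_2" means 13.2-RELEASE-p2.

# vuxml_status VERSION
#   prints "affected", "patched" or "not-listed"
vuxml_status() {
    ver=$1
    branch=${ver%%-*}                 # "13.2-RELEASE-p1" -> "13.2"

    # Extract the patch level; a plain -RELEASE is patch level 0.
    case $ver in
        *-RELEASE-p[0-9]*) patch=${ver##*-p} ;;
        *-RELEASE)         patch=0 ;;
        *) echo "not-listed"; return 0 ;;   # e.g. -STABLE, -CURRENT
    esac
    case $patch in
        ''|*[!0-9]*) echo "not-listed"; return 0 ;;   # malformed patch level
    esac

    # First fixed patch level per branch, taken from "Affected packages".
    case $branch in
        13.2) fixed=2 ;;
        13.1) fixed=9 ;;
        12.4) fixed=4 ;;
        *) echo "not-listed"; return 0 ;;   # branch not covered by this entry
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo "affected"
    else
        echo "patched"
    fi
}

# On a FreeBSD host, check the installed userland (ssh-agent is userland).
if command -v freebsd-version >/dev/null 2>&1; then
    v=$(freebsd-version -u)
    echo "$v: $(vuxml_status "$v")"
fi
```

A "patched" result describes the installed userland only; an ssh-agent process started before the update keeps running the old binary until it is restarted.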

Details

VuXML ID 291d0953-47c1-11ee-8e38-002590c1f29c
Discovery 2023-08-01
Entry 2023-08-31

Problem Description:

The server may cause ssh-agent to load shared libraries other than those required for PKCS#11 support. These shared libraries may have side effects that occur on load and unload (dlopen and dlclose).

Impact:

An attacker with access to a server that accepts a forwarded ssh-agent connection may be able to execute code on the machine running ssh-agent. Note that the attack relies on properties of operating system-provided libraries. This has been demonstrated on other operating systems; it is unknown whether this attack is possible using the libraries provided by a FreeBSD installation.

References

CVE Name CVE-2023-38408
FreeBSD Advisory SA-23:08.ssh