FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSH -- remote code execution via a forwarded agent socket

Affected packages
openssh-portable < 9.3.p2,1
openssh-portable-gssapi < 9.3.p2,1
openssh-portable-hpn < 9.3.p2,1

Details

VuXML ID 887eb570-27d3-11ee-adba-c80aa9043978
Discovery 2023-07-19
Entry 2023-07-21

OpenSSH project reports:

Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met:

* Exploitation requires the presence of specific libraries on the victim system.
* Remote exploitation requires that the agent was forwarded to an attacker-controlled system.

Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries.

This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team.
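An added example, not part of the OpenSSH release notes or of this VuXML entry: a POSIX sh audit for the forwarding condition and the -P allowlist mitigation quoted above. It lists ssh_config scopes that forward an agent and ssh-agent processes started without a -P allowlist. The function names, sample configuration, PIDs and provider path are constructed for illustration.

```sh
# Added example; function names and sample data are constructed.

# List Host/Match scopes in ssh_config text (stdin) that forward an agent.
# Keywords are case-insensitive and may use "=" as separator; any
# ForwardAgent value other than "no" (yes, a socket path, $VAR) forwards.
forwarding_hosts() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        $1 ~ /^[A-Za-z]+=/ || $2 ~ /^=/ { sub(/=/, " ") }
        { key = tolower($1) }
        key == "host" || key == "match" {
            $1 = ""; sub(/^ /, "")
            scope = (key == "match" ? "Match " : "") $0; next
        }
        key == "forwardagent" {
            val = tolower($2); gsub(/"/, "", val)
            if (val != "no") print (scope == "" ? "(global)" : scope)
        }
    '
}

# List PIDs of ssh-agent processes whose arguments carry no -P allowlist.
# Input: "PID ARGS..." lines, e.g. on FreeBSD: ps -axww -o pid= -o args=
# An empty allowlist (-P '') appears in ps output as a bare "-P".
unrestricted_agents() {
    awk '
        { cmd = $2; sub(/.*\//, "", cmd) }
        cmd != "ssh-agent" { next }
        { ok = 0
          for (i = 3; i <= NF; i++) if ($i ~ /^-P/) ok = 1
          if (!ok) print $1 }
    '
}

SAMPLE_CONFIG='Host bastion.example
    ForwardAgent yes
Host build-*.example
    forwardagent=no'
SAMPLE_PS='  812 /usr/local/bin/ssh-agent -s
  990 ssh-agent -P
 1033 ssh-agent -P /usr/local/lib/opensc-pkcs11.so
 1200 /usr/sbin/sshd'

echo "Scopes that forward an agent:"
printf '%s\n' "$SAMPLE_CONFIG" | forwarding_hosts
echo "ssh-agent PIDs without a -P allowlist:"
printf '%s\n' "$SAMPLE_PS" | unrestricted_agents
```

Agents forwarded with `ssh -A` on the command line do not appear in any configuration file, so the ssh_config check only covers persistent settings.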

References

CVE Name CVE-2023-38408
URL https://www.openssh.com/txt/release-9.3p2