Home > Vulnerability Database > CVE-2023-38408

Mend.io Vulnerability Database

CVE-2023-38408

Good to know:

Date: July 19, 2023

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Language: C

Severity Score

9.8

Related Resources (25)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38408

Url: http://www.openwall.com/lists/oss-security/2023/09/22/9

Url: https://support.apple.com/kb/HT213940

Url: http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/

Url: https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408

Url: https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html

Url: https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/

Url: https://www.openssh.com/txt/release-9.3p2

Url: https://access.redhat.com/security/cve/CVE-2023-38408

Url: https://news.ycombinator.com/item?id=36790196

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/

Url: https://www.openssh.com/security.html

Url: https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

Url: https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/

Url: https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8

Url: https://security.gentoo.org/glsa/202307-01

Url: https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

Url: https://security.netapp.com/advisory/ntap-20230803-0010/

Url: http://www.openwall.com/lists/oss-security/2023/07/20/1

Url: http://www.openwall.com/lists/oss-security/2023/07/20/2

Url: http://www.openwall.com/lists/oss-security/2023/09/22/11

Url: https://www.mend.io/vulnerability-database/CVE-2023-38408

Severity Score

9.8

Weakness Type (CWE)

Unquoted Search Path or Element

CWE-428

Top Fix

Upgrade Version

Upgrade to version V_9_3_P2

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38408

Good to know:

Date: July 19, 2023

Language: C

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?