Summary:
Researchers have uncovered a remote code execution vulnerability, CVE-2023-38408, in OpenSSH's forwarded ssh-agent. This flaw allows remote attackers to potentially execute arbitrary commands on vulnerable OpenSSH instances. The vulnerability affects all versions of OpenSSH before 9.3p2. OpenSSH's agent forwarding is widely used to cache private keys for SSH public key authentication, enabling automation and reducing the need for constant passphrase input. Successful exploitation requires certain libraries on the victim's system and a forwarded ssh-agent compiled with ENABLE_PKCS11.

Researchers verified the vulnerability and successfully developed a Proof-of-Concept (PoC) exploit on Ubuntu Desktop 22.04 and 21.10, indicating potential risks for other Linux distributions. It is crucial for security teams to prioritize patching to safeguard against this threat.
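The version threshold (fixed in 9.3p2) and the forwarded-agent precondition described above can be turned into a first-pass inventory check. The Python below is an added example, not code from the advisory or from the OpenSSH project; it parses `ssh -V`-style version strings against 9.3p2 and flags ssh_config text that enables agent forwarding. The sample inputs in the comments are constructed.

```python
import re
from typing import Optional, Tuple

# Fixed upstream release named in the advisory: OpenSSH 9.3p2.
FIXED_VERSION = (9, 3, 2)

# Matches "OpenSSH_9.3p1" (portable) or "OpenSSH_9.3" (non-portable), as printed
# by `ssh -V` or sent in the server banner.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable_release) or None if no version is found.

    A non-portable build has no p-suffix; it is recorded as p0 so it sorts
    before every portable release of the same major.minor.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable or 0))


def is_version_before_fix(text: str) -> Optional[bool]:
    """True if the upstream version predates 9.3p2, None if it cannot be parsed.

    Distribution packages often backport the fix without changing the upstream
    version string (e.g. an Ubuntu "OpenSSH_8.9p1 Ubuntu-..." build), so True
    means "review the package changelog", not "confirmed unpatched".
    """
    version = parse_openssh_version(text)
    if version is None:
        return None
    return version < FIXED_VERSION


def agent_forwarding_enabled(ssh_config: str) -> bool:
    """True if any ForwardAgent directive in the ssh_config text enables forwarding.

    Exploitation needs a forwarded agent, so these clients are the ones to
    prioritise. Keywords are case-insensitive, "key value" and "key=value"
    forms are accepted, '#' comments are ignored, and any value other than
    "no" (including an explicit socket path or $ENV_VAR) turns forwarding on.
    """
    for raw in ssh_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "forwardagent":
            if parts[1].strip().strip('"').lower() != "no":
                return True
    return False
```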
Recommendations:
References:
The following reports contain further technical details:
https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html