New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
Cyber Security Threat Summary:
Qualys Threat Research Unit recently uncovered a remote code execution vulnerability impacting OpenSSH’s forwarded ssh-agent, a background program that maintains users' keys in memory and facilitates remote logins to a server without having to enter their passphrase again. Tracked as CVE-2023-38408, the vulnerability impacts OpenSSH before 9.3p2 and can be exploited to execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent. A successful exploit requires certain libraries to be present on the victim system and that the SSH authentication agent is forwarded to an attacker-controlled system.
“While browsing through ssh-agent's source code, we noticed that a remote attacker, who has access to the remote server where Alice's ssh-agent is forwarded to, can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib* on Alice's workstation (via her forwarded ssh-agent, if it is compiled with ENABLE_PKCS11, which is the default)," stated Qualys in its advisory.
Security Officer Comments:
No details regarding exploitation in the wild were mentioned. However, Qualys Threat Research Unit was able to create a working proof-of-concept exploit on installations of Ubuntu Desktop 22.04 and 21.10, with other Linux distributions likely also vulnerable. Given that OpenSSH is widely used, security teams should apply the patches as soon as possible.
Suggested Correction(s):
CVE-2023-38408 was addressed with the release of OpenSSH 9.3p2 on July 19, 2023. For more information please refer to the link down below:
https://www.openssh.com/releasenotes.html#9.3p2
Link(s):
https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html
https://blog.qualys.com/