Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Ubuntu 6242-1: OpenSSH Command Execution Risk - Moderate Threat

ubuntu
Calendar Grey July 24, 2023
Dist Ubuntu Esm H88
OpenSSH flaw permits illicit application running through ssh-agent forwarding on Ubuntu machines.
OpenSSH could be made to run programs as your login when using ssh-agent forwarding.

Summary

OpenSSH could be made to run programs as your login when using ssh-agent

forwarding.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

It was discovered that OpenSSH incorrectly handled loading certain PKCS#11

providers. If a user forwarded their ssh-agent to an untrusted system, a

remote attacker could possibly use this issue to load arbitrary libraries

from the user's system and execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   openssh-client                  1:9.0p1-1ubuntu8.4

Ubuntu 22.04 LTS:
   openssh-client                  1:8.9p1-3ubuntu0.3

Ubuntu 20.04 LTS:
   openssh-client                  1:8.2p1-4ubuntu0.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6242-1

CVE-2023-38408

Ubuntu Security Notice USN-6242-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.