Remo – SSH Exploit Discovered

We are writing to inform you about a security vulnerability that affects customers using SSH and SSH forwarding. The vulnerability has been assigned CVE-2023-38408 and is related to Remote Code Execution (RCE) in OpenSSH’s forwarded ssh-agent. Systems with SSH servers open to unprotected networks are the most vulnerable.

ssh-agent is a program that holds private keys used for public key authentication. SSH can locate the agent and use it automatically for authentication when logging in to other machines. Connections to ssh-agent can be forwarded from remote hosts using the -A option to ssh, which allows the remote host to access the local agent.

Despite warnings that ssh-agent forwarding should be enabled with caution, it is still widely used today. However, we have discovered a potential security risk related to the forwarding of ssh-agent. An attacker with access to the remote server to which ssh-agent is forwarded could load and immediately unload shared libraries from /usr/lib* on the local workstation. This may result in unexpected side effects, including remote code execution in ssh-agent.

Our research indicates that even though certain shared libraries are generally considered safe, chaining specific side effects could lead to a reliable one-shot remote code execution in ssh-agent. We are actively working to address this vulnerability in OpenSSH and will update you with more information as it becomes available.

Please note that this CVE affects OpenSSH versions older than 9.3p2. You can identify the OpenSSH version installed on your server by running 'ssh -V' in a terminal on that server.
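The version check above can be scripted; the following is an added example, not part of the original notice or of OpenSSH. It classifies an 'ssh -V' banner against the 9.3p2 threshold and reports whether agent forwarding is configured for a given host. The function names and the --check argument are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notice.
FIXED_MAJOR=9 FIXED_MINOR=3 FIXED_PATCH=2   # 9.3p2, the threshold given above

# openssh_status BANNER -> prints affected | not-affected | unknown
openssh_status() {
    case $1 in
        OpenSSH_[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    ver=${1#OpenSSH_}          # "9.3p1, OpenSSL 3.0.9 ..."
    ver=${ver%%[!0-9.p]*}      # "9.3p1" (cut at the first foreign character)
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%p*}
    case $rest in
        *p*) patch=${rest#*p} ;;
        *)   patch=0 ;;        # no portable "pN" suffix present
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if   [ "$major" -lt "$FIXED_MAJOR" ]; then echo affected
    elif [ "$major" -gt "$FIXED_MAJOR" ]; then echo not-affected
    elif [ "$minor" -lt "$FIXED_MINOR" ]; then echo affected
    elif [ "$minor" -gt "$FIXED_MINOR" ]; then echo not-affected
    elif [ "$patch" -lt "$FIXED_PATCH" ]; then echo affected
    else echo not-affected
    fi
}

# agent_forwarding_on: reads `ssh -G HOST` output on stdin and succeeds when
# ForwardAgent resolves to anything other than "no" (yes, or an agent socket path).
agent_forwarding_on() {
    awk '$1 == "forwardagent" { v = $2 }
         END { if (v == "" || v == "no") exit 1; exit 0 }'
}

# check_local HOST: run on the workstation whose agent would be forwarded.
check_local() {
    echo "local OpenSSH: $(openssh_status "$(ssh -V 2>&1)")"   # -V prints to stderr
    if ssh -G "$1" | agent_forwarding_on; then
        echo "ForwardAgent is enabled for $1"
    fi
}

if [ "${1:-}" = "--check" ] && [ -n "${2:-}" ]; then check_local "$2"; fi
```

Distribution packages can carry a backported fix under an older upstream version string, so treat "affected" as a prompt to check the vendor's advisory for that package. The ssh -G check reflects configuration files only; a session started with -A forwards the agent regardless.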

Your security and privacy are of utmost importance to us, and we are committed to providing you with the best possible protection. If you have any questions or concerns, please open a ticket at tickets.dynamic.com.

Thank you for your attention to this matter.

Sincerely,

Engineering Team
Dynamic Concepts Inc.