Remote-SSH Exploit Discovered

Dear valued customers,

We are writing to inform you about a security vulnerability that affects customers using SSH and SSH forwarding. The vulnerability has been assigned CVE-2023-38408 and is related to Remote Code Execution (RCE) in OpenSSH’s forwarded ssh-agent.

SSH-agent is a program designed to store private keys used for public key authentication. It can be located and automatically used for authentication when logging in to other machines using SSH. Connections to ssh-agent can be forwarded from remote hosts using the -A option to SSH, which allows the remote host to access the local agent.

Despite warnings that SSH-agent forwarding should be enabled with caution, it is still widely used today. However, we have discovered a potential security risk related to the forwarding of ssh-agent. An attacker with access to the remote server to which ssh-agent is forwarded could load and immediately unload shared libraries from /usr/lib* on the local workstation. This may result in unexpected side effects, including remote code execution in ssh-agent.

Our research indicates that even though certain shared libraries are generally considered safe, chaining specific side effects could lead to a reliable one-shot remote code execution in ssh-agent. We are actively working on a set of patches to address this vulnerability in OpenSSH, and we are working to upgrade the version of OpenSSH on your systems as soon as possible. We will coordinate with you when this upgrade is ready to ensure a seamless transition.

Please note that this CVE affects versions older than OpenSSH 9.3p2. You can identify your current server version by running ‘ssh -V’ in your terminal.

Your security and privacy are of utmost importance to us, and we are committed to providing you with the best possible protection. If you have any questions or concerns, please open a ticket at tickets.dynamic.com.

Thank you for your attention to this matter.

Sincerely,
Engineering Team
Dynamic Concepts Inc.
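
The version check from the notice above, as an added example that is not part of the original notice or Dynamic's tooling: it parses the banner printed by 'ssh -V' and compares it with 9.3p2, and lists ssh_config lines that turn on agent forwarding. The function names and sample banners are assumptions made for illustration; ForwardAgent is the ssh_config keyword equivalent to the -A option.

```sh
#!/bin/sh
# Added example, not from the original notice. Banners in the demo are constructed.

# is_affected BANNER: exit 0 if the `ssh -V` banner reports a version older
# than 9.3p2, 1 if it is 9.3p2 or newer, 2 if the banner cannot be parsed.
# Caveat: distributions may backport the fix without changing this string,
# so confirm against the vendor's package advisory before concluding.
is_affected() {
    v=${1#OpenSSH_}
    [ "$v" != "$1" ] || return 2        # not an OpenSSH banner
    v=${v#for_Windows_}                 # Windows builds add this prefix
    v=${v%%[ ,]*}                       # keep only e.g. "9.3p1"
    case $v in *.*) ;; *) return 2 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    case $rest in *p*) patch=${rest#*p} ;; *) patch=0 ;; esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -lt 9 ] && return 0
    [ "$major" -gt 9 ] && return 1
    [ "$minor" -lt 3 ] && return 0
    [ "$minor" -gt 3 ] && return 1
    [ "$patch" -lt 2 ]
}

# forwarding_lines FILE: print "lineno:text" for each ssh_config line that
# enables agent forwarding (keywords are case-insensitive in ssh_config).
forwarding_lines() {
    grep -inE '^[[:space:]]*ForwardAgent[[:space:]=]+"?yes' "$1"
}

# Demo on constructed banners; on a real machine use: is_affected "$(ssh -V 2>&1)"
for b in "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2" \
         "OpenSSH_9.3p2, LibreSSL 3.3.6"; do
    if is_affected "$b"; then echo "older than 9.3p2: $b"; else echo "ok: $b"; fi
done
```

Run forwarding_lines against ~/.ssh/config and /etc/ssh/ssh_config to see where forwarding is switched on by default.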

Happy 4th of July!

Dynamic wishes you and your family a long weekend in celebration. Our offices will be closed for the holiday on Thursday the 4th and Friday the 5th of July. The office will reopen on Monday the 8th of July at 7:30 am PST. If you have any emergencies, please put in a ticket and one of our engineers will be able to help you. All non-emergencies will be addressed on the following Monday.

Amazon Elastic Compute Cloud (Ohio) Service Status

11:28 AM

Informational message: Instance Connectivity
We can confirm that a small number of instances have experienced a loss of power in a single Availability Zone in the US-EAST-2 (Ohio) Region (use2-az1). Some EBS volumes within the affected Availability Zone are experiencing degraded performance. All customers affected by instance connectivity and EBS impaired volumes were notified directly through the Personal Health Dashboard, beginning with an EC2 notification at 8:34 AM PDT. Engineering teams are actively working to restore power now.

Happy 4th of July!

Dynamic wishes you and your family a long weekend in celebration. Our offices will be closed for the holiday starting on Friday June 30th at 12:00 PST and returning on Wednesday July 5th at 7:30 am PST. If you have any emergencies, please put in a ticket and one of our engineers will be able to help you. All non-emergencies will be addressed on the following Wednesday.

All Operations Normal

We have resolved the issue with Plesk webservers and implemented an update that fixes the problem on all customer servers except one. That server has a temporary fix in place until we schedule the update for it. All services are functioning normally again.

Connection Issues

We are aware of a recent issue (as of May 26, 2023) affecting some Apache webservers that causes intermittent connection issues. Thus far this has only affected a handful of customer Plesk servers. You may see a 403 Forbidden error or an “Apache 123 test page”. If you are affected, please let us know by opening a ticket so we can quickly address the problem until the developers release a permanent fix.