New Vulnerability for OpenSSH: CVE-2023-38408
Does your company use OpenSSH? If so, read on …
OpenSSH is a program that supports the SSH protocol and allows for remote login and remote execution. A common tool in OpenSSH is ssh-keygen, which generates RSA, DSA and elliptic-curve keys. These can then be used for user and host authentication, such as for GitHub login and Cloud instance login:
https://asecuritysite.com/openssh
SSH-agent
A new vulnerability (CVE-2023-38408) has now been reported in OpenSSH. It allows remote code execution through SSH's forwarding feature for PKCS#11 providers (which deal with cryptographic objects such as digital certificates and encryption keys). It relates to the SSH-agent, which stores keys for users so that they do not have to re-enter their passwords on a continual basis.
The vulnerability allows the SSH-agent to load and unload shared libraries in /usr/lib*. Although the libraries in /usr/lib* are fairly safe and come mainly from genuine distribution packages, some of them can behave differently when loaded into the secure SSH-agent environment, and this can allow remote code execution.
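Because the issue involves the agent's forwarding feature, a practical first check is to find where a client configuration turns agent forwarding on. The following is an added example, not code from OpenSSH or from this article: it parses ssh_config-style text and lists every `ForwardAgent` setting that is not disabled. The sample configuration and the function name `find_agent_forwarding` are constructed for illustration.

```python
import re
import shlex

# Constructed sample ssh_config for illustration (not taken from the article).
SAMPLE_CONFIG = """\
# global defaults
Host *
    ForwardAgent yes

Host bastion.example.com
    User admin
    forwardagent=no

Host build-?.example.com
    ForwardAgent $SSH_AUTH_SOCK
Match host db.example.com
    ForwardAgent yes
"""

# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\s*(?:=\s*|\s+)(.*?)\s*$")

def find_agent_forwarding(config_text):
    """Return (line, scope, value, broad) for each ForwardAgent setting that is not off."""
    findings = []
    kind, patterns = "global", []   # options before any Host/Match apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        m = LINE_RE.match(raw)
        if raw.lstrip().startswith("#") or not m:
            continue                        # comment, blank line or keyword with no value
        keyword, rest = m.group(1).lower(), m.group(2)
        try:
            args = shlex.split(rest)        # honours quoted arguments
        except ValueError:
            args = rest.split()             # unbalanced quote: plain whitespace split
        if keyword in ("host", "match"):
            kind, patterns = keyword, args
        elif keyword == "forwardagent" and args and args[0].lower() not in ("no", "false"):
            # "yes", a socket path or $VAR all hand an agent to the remote side.
            broad = (
                kind == "global"
                or (kind == "host" and any(
                    c in p for p in patterns if not p.startswith("!") for c in "*?"))
                or (kind == "match" and [p.lower() for p in patterns[:1]] == ["all"])
            )
            scope = "(global)" if kind == "global" else f"{kind} {' '.join(patterns)}"
            findings.append((lineno, scope, args[0], broad))
    return findings

if __name__ == "__main__":
    for lineno, scope, value, broad in find_agent_forwarding(SAMPLE_CONFIG):
        print(f"line {lineno}: ForwardAgent {value} under [{scope}] broad={broad}")
```

This covers configuration files only; `ssh -A` on the command line enables forwarding regardless of what the file says.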