The new OpenSSH vulnerability puts Linux systems at risk

August 3, 2023

The now-patched OpenSSH flaw could allow attackers to execute arbitrary commands remotely on affected hosts under specific conditions. According to reports, the newly discovered vulnerability could let an attacker run arbitrary commands through OpenSSH's forwarded ssh-agent.

The vulnerability in question is CVE-2023-38408, which still has no severity score. It affects all versions of OpenSSH before 9.3p2.

OpenSSH is an essential toolkit that guards against unwanted intrusions and connections.

Researchers explained that the new OpenSSH flaw could pose a significant threat to everyone, since OpenSSH is a well-known connectivity tool for remote login. It encrypts all traffic to prevent attacks such as connection hijacking and eavesdropping.

Successful exploitation requires the presence of specific libraries on the targeted system and an SSH authentication agent that is forwarded to an attacker-controlled system. The SSH agent is a background program that keeps users' keys in memory and allows remote logins to a server without entering a passphrase again.

Researchers explained that, while browsing through ssh-agent's source code, they noticed that a remote attacker with access to the remote server to which a user's ssh-agent is forwarded could load and unload any shared library on the user's workstation through the forwarded ssh-agent.

A separate security researcher reportedly claimed to have developed a proof-of-concept (PoC) against default installations of Ubuntu Desktop 21.10 and 22.04. However, Linux distributions could still be vulnerable despite the patch.

As of now, cybersecurity experts advise users to update their OpenSSH to its most recent version to protect their systems against the threat posed by the flaw.
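The two conditions described above, a version older than 9.3p2 and a forwarded agent, can be checked with a short script. This is an added example, not code from the article or the OpenSSH project; the function names, the `--audit` switch and the sample banners are constructed, and a banner with no `pN` suffix is assumed to mean p0.

```shell
#!/bin/sh
# Added example: audit helpers for CVE-2023-38408 exposure (names are hypothetical).

# Exit 0 if the banner (e.g. output of `ssh -V`) predates 9.3p2,
# 1 if it is 9.3p2 or later, 2 if no OpenSSH version could be parsed.
openssh_is_vulnerable() {
    v=$(printf '%s\n' "$1" | sed -n \
        's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\)\(p[0-9][0-9]*\)\{0,1\}.*/\1 \2/p')
    [ -n "$v" ] || return 2
    num=${v% *}; p=${v#* }
    major=${num%%.*}; minor=${num#*.}
    patch=${p#p}; patch=${patch:-0}      # assumption: missing pN means p0
    [ "$major" -lt 9 ] && return 0
    [ "$major" -gt 9 ] && return 1
    [ "$minor" -lt 3 ] && return 0
    [ "$minor" -gt 3 ] && return 1
    [ "$patch" -lt 2 ]
}

# Read ssh_config text on stdin and print each Host/Match block (or "(global)")
# where ForwardAgent is set to anything other than "no".
forwarding_hosts() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " "); k = tolower($1) }
        k ~ /^#/ { next }
        k == "host" || k == "match" { scope = $0 }
        k == "forwardagent" && tolower($2) != "no" {
            print (scope == "" ? "(global)" : scope)
        }
    '
}

# Run with --audit to check the local client and the per-user config.
if [ "${1:-}" = "--audit" ]; then
    banner=$(ssh -V 2>&1)                # ssh prints its version on stderr
    if openssh_is_vulnerable "$banner"; then
        echo "client predates 9.3p2: $banner"
    fi
    if [ -r "$HOME/.ssh/config" ]; then
        echo "agent forwarding enabled for:"
        forwarding_hosts < "$HOME/.ssh/config"
    fi
fi
```

Distribution packages may carry a backported fix under an older upstream version number, so a positive result from the version check should be confirmed against the vendor's package changelog or advisory.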

Earlier this year, OpenSSH maintainers released an update to resolve a medium-severity security vulnerability that could enable an unauthenticated, remote attacker to modify unexpected memory locations and achieve code execution.

Separately, researchers discovered another security issue last March that attackers could exploit through a specially crafted DNS response to perform an out-of-bounds read of adjacent stack data and cause a denial of service in the SSH client.
