mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.9 KiB
1.9 KiB
CVE-2023-38408
Description
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
POC
Reference
- http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
- https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
- https://news.ycombinator.com/item?id=36790196
Github
- https://github.com/FarelRA/MKM_ssh
- https://github.com/LucasPDiniz/CVE-2023-38408
- https://github.com/LucasPDiniz/StudyRoom
- https://github.com/Magisk-Modules-Repo/ssh
- https://github.com/Threekiii/CVE
- https://github.com/amirphl/atlas
- https://github.com/aneasystone/github-trending
- https://github.com/bollwarm/SecToolSet
- https://github.com/classic130/CVE-2023-38408
- https://github.com/djalilayed/tryhackme
- https://github.com/firatesatoglu/iot-searchengine
- https://github.com/johe123qwe/github-trending
- https://github.com/kali-mx/CVE-2023-38408
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/scmanjarrez/CVEScannerV2
- https://github.com/scmanjarrez/test
- https://github.com/snowcra5h/CVE-2023-38408
- https://github.com/testing-felickz/docker-scout-demo
- https://github.com/thesakibrahman/THM-Free-Room
- https://github.com/wxrdnx/CVE-2023-38408