New information has surfaced about a previously fixed vulnerability in OpenSSH, which had the potential to allow unauthorized remote access to compromised systems under specific circumstances.
The security flaw, CVE-2023-38408, affected all versions of OpenSSH before 9.3p2. It could be exploited to run arbitrary commands through OpenSSH’s forwarded ssh-agent, a component that enables remote logins without requiring passphrases.
Source: NIST
What are remote code executions?
“Remote code execution (RCE) attacks allow attackers to execute malicious code on a computer remotely. The impact of an RCE vulnerability can range from malware execution to an attacker gaining complete control over a compromised machine,” according to CheckPoint.
Details about the patched vulnerability
To successfully exploit this vulnerability, specific libraries needed to be present on the victim’s system, and the SSH authentication agent had to be forwarded to an attacker-controlled system. OpenSSH is widely used for secure remote logins, preventing eavesdropping and connection hijacking.
By examining the ssh-agent’s source code, cybersecurity researchers found that a remote attacker with access to the server to which the ssh-agent was forwarded could load and unload shared libraries on the user’s workstation, particularly if the ssh-agent was compiled with ENABLE_PKCS11.
Qualys developed a proof-of-concept (PoC) against default installations of Ubuntu Desktop 22.04 and 21.10. They suspect that other Linux distributions could also be vulnerable.
To protect against potential cyber threats, it is strongly recommended that OpenSSH users update to the latest version.
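A defender-side check for the two conditions described above (an OpenSSH release older than 9.3p2, and agent forwarding being switched on), written as an added Python example that is not from the original article or the OpenSSH project. The sample banner and ssh_config text are constructed, and `ForwardAgent` is the standard ssh_config option that enables forwarding.

```python
import re

FIXED = (9, 3, 0, 2)  # 9.3p2: the article says releases before this are affected

def parse_openssh_version(banner):
    """Turn 'OpenSSH_8.9p1 Ubuntu-3...' into (major, minor, micro, portable)."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?", banner)
    if not m:
        raise ValueError("no OpenSSH version found in %r" % banner)
    return tuple(int(g or 0) for g in m.groups())

def is_affected(banner):
    """True when the upstream version number is older than 9.3p2."""
    return parse_openssh_version(banner) < FIXED

def forwarding_hosts(config_text):
    """List the Host/Match blocks of an ssh_config that enable agent forwarding."""
    block, hits = "(global)", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts 'Keyword value' and 'Keyword=value'; keywords ignore case
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip('"')
        if keyword in ("host", "match"):
            block = value
        elif keyword == "forwardagent" and value.lower() != "no":
            # any value other than 'no' (yes, a socket path, $VAR) forwards an agent
            hits.append(block)
    return hits

# Constructed sample inputs (not taken from a real host)
SAMPLE_BANNER = "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022"
SAMPLE_CONFIG = """\
# constructed ssh_config
Host bastion.example.com
    ForwardAgent yes
Host *.internal.example
    ForwardAgent no
Host build
    forwardagent=yes
"""

if __name__ == "__main__":
    print("affected version:", is_affected(SAMPLE_BANNER))
    print("forwarding enabled for:", forwarding_hosts(SAMPLE_CONFIG))
```

Distribution packages often backport fixes without changing the upstream version string, so treat a version hit as a prompt to check the vendor's advisory rather than as proof that the host is unpatched.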
Concluding thoughts
The incident underscores the need to keep software up to date. Maintaining a proactive approach, carrying out routine security work, and monitoring for suspicious activity are key. Staying informed about the security threats that could affect you is also necessary. Know more to be safe!







