CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute…

@shortstack just what we needed on top of Citrix, Fortigate, MOVEit, MS/Storm-0558, ...

@shortstack shame they don't explicitly say from which version the vulnerability applies.

On quick read seems to be since whatever version there was in 2010.

@goncalor yea, was just looking through the release notes for the details

@shortstack I guess it's a good thing I had no idea that was even an option!

@shortstack @paul_ipv6
Fortunately it's really hard to exploit. Condition:

You have to have agent forwarding enabled to a remote computer that can already hijack your agent forwarding. You are already in deep trouble in that scenario.