Whitney Champion 🍪Jul 19, 2023

oh good, #OpenSSH RCE 😬

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute…

Qualys Security Blog
Show threadGonçalo Ribeiro

@shortstack shame they don't explicitly say from which version the vulnerability applies.

On quick read seems to be since whatever version there was in 2010.

Jul 19, 2023 at 8:27pmWeb
Show threadWhitney Champion 🍪Jul 19, 2023
@goncalor yea, was just looking through the release notes for the details