New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions.

The vulnerability is being tracked under the CVE identifier CVE-2023-38408 (CVSS score: N/A). It impacts all versions of OpenSSH before 9.3p2.

OpenSSH is a popular connectivity tool for remote login with the SSH protocol that’s used for encrypting all traffic to eliminate eavesdropping, connection hijacking, and other attacks.

Successful exploitation requires the presence of certain libraries on the victim system and that the SSH authentication agent is forwarded to an attacker-controlled system. SSH agent is a background program that maintains users’ keys in memory and facilitates remote logins to a server without having to enter their passphrase again.

The cybersecurity firm said it was able to devise a successful proof-of-concept (PoC) against default installations of Ubuntu Desktop 22.04 and 21.10, although other Linux distributions are expected to be vulnerable as well.

It is strongly advised that users of OpenSSH update to the most recent version in order to safeguard against potential cyber threats.

Earlier this February, OpenSSH maintainers released an update to remediate a medium-severity security flaw (CVE-2023-25136, CVSS score: 6.5) that could be exploited by an unauthenticated remote attacker to modify unexpected memory locations and theoretically achieve code execution.

A subsequent release in March addressed another security issue that could be abused by means of a specifically crafted DNS response to perform an out-of-bounds read of adjacent stack data and cause a denial-of- service to the SSH client.