CentOS Local Security Checks : CentOS: Security Advisory for openssh (CESA-2023:4382)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.884304

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for openssh (CESA-2023:4382)

Resumen: The remote host is missing an update for the 'openssh'; package(s) announced via the CESA-2023:4382 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openssh'
package(s) announced via the CESA-2023:4382 advisory.

Vulnerability Insight:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software/OS:
'openssh' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-38408
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
https://security.gentoo.org/glsa/202307-01
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
https://news.ycombinator.com/item?id=36790196
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
http://www.openwall.com/lists/oss-security/2023/07/20/1
http://www.openwall.com/lists/oss-security/2023/07/20/2
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/22/9

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.884304
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for openssh (CESA-2023:4382)
Resumen:	The remote host is missing an update for the 'openssh'; package(s) announced via the CESA-2023:4382 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the CESA-2023:4382 advisory. Vulnerability Insight: OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'openssh' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-38408 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ https://security.gentoo.org/glsa/202307-01 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca https://news.ycombinator.com/item?id=36790196 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408 https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html http://www.openwall.com/lists/oss-security/2023/07/20/1 http://www.openwall.com/lists/oss-security/2023/07/20/2 http://www.openwall.com/lists/oss-security/2023/09/22/11 http://www.openwall.com/lists/oss-security/2023/09/22/9
Copyright	Copyright (C) 2024 Greenbone AG