 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.13.2023.200.02 |
| Categoría: | Slackware Local Security Checks |
| Título: | Slackware: Security Advisory (SSA:2023-200-02) |
| Resumen: | The remote host is missing an update for the 'openssh' package(s) announced via the SSA:2023-200-02 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'openssh' package(s) announced via the SSA:2023-200-02 advisory. Vulnerability Insight: New openssh packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/openssh-9.3p2-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code execution relating to PKCS#11 providers. The PKCS#11 support ssh-agent(1) could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. Potentially-incompatible changes: * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour: '-Oallow-remote-pkcs11'. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'openssh' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-38408 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ https://security.gentoo.org/glsa/202307-01 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca https://news.ycombinator.com/item?id=36790196 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408 https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html http://www.openwall.com/lists/oss-security/2023/07/20/1 http://www.openwall.com/lists/oss-security/2023/07/20/2 http://www.openwall.com/lists/oss-security/2023/09/22/11 http://www.openwall.com/lists/oss-security/2023/09/22/9 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |