# N/A
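## Overview
In OpenSSH versions before 9.3p2, the PKCS#11 feature of ssh-agent has an untrusted search path problem that can lead to remote code execution, particularly when the agent is forwarded to an attacker-controlled system.
## Affected versions
OpenSSH versions before 9.3p2
## Details
An attacker can exploit this issue to load an untrusted PKCS#11 library through ssh-agent and thereby execute arbitrary code. This is because libraries in the default search path `/usr/lib` may be untrusted.
## Impact
If ssh-agent is forwarded to an attacker-controlled system, the attacker can achieve remote code execution by loading a malicious PKCS#11 library. This issue results from an incomplete fix for CVE-2016-10009.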
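
A defender's audit for the two conditions named above (an OpenSSH older than 9.3p2 and a forwarded agent), as an added example that is not part of the original page or of any listed project. The function names and the sample configuration are assumptions constructed for illustration.

```python
import re

FIXED = (9, 3, 2)  # 9.3p2, the first fixed release named in the advisory above

def parse_openssh_version(banner):
    """Extract (major, minor, portable_patch) from `ssh -V` style text."""
    m = re.search(r"OpenSSH(?:_for_Windows)?_(\d+)\.(\d+)(?:p(\d+))?", banner)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def is_affected(banner):
    """True when the upstream version is older than 9.3p2. Distribution packages
    can carry a backported fix under an older string: confirm with the vendor."""
    version = parse_openssh_version(banner)
    if version is None:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    return version < FIXED

def forwarding_entries(config_text):
    """Return (scope, line_no, value) for every ForwardAgent that is not 'no'."""
    scope, found = "(global)", []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword in ("host", "match"):
            scope = value  # following options apply to this block
        elif keyword == "forwardagent" and value.lower() != "no":
            # 'yes', a socket path or $ENVVAR all expose an agent remotely
            found.append((scope, line_no, value))
    return found

# Constructed sample input, not taken from any real system.
SAMPLE_CONFIG = """\
# constructed sample ssh_config
Host bastion.example.org
    ForwardAgent yes
Host *.internal.example.org
    forwardagent=no
Host build
    ForwardAgent $SSH_AUTH_SOCK
"""

if __name__ == "__main__":
    print(is_affected("OpenSSH_9.3p1 Ubuntu-1ubuntu3"), forwarding_entries(SAMPLE_CONFIG))
```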
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent | https://github.com/snowcra5h/CVE-2023-38408 | PoC details |
| 2 | PoC for the recent critical vuln affecting OpenSSH versions < 9.3p2 | https://github.com/kali-mx/CVE-2023-38408 | PoC details |
| 3 | Takeover Account OpenSSH | https://github.com/LucasPDiniz/CVE-2023-38408 | PoC details |
| 4 | CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent | https://github.com/classic130/CVE-2023-38408 | PoC details |
| 5 | None | https://github.com/wxrdnx/CVE-2023-38408 | PoC details |
| 6 | Script to remove the OpenSSH vulnerability on Ubuntu 22.04 LTS | https://github.com/mrtacojr/CVE-2023-38408 | PoC details |
| 7 | None | https://github.com/0xxnum/CVE-2023-38408 | PoC details |
| 8 | Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from improper validation of data when SSH agent forwarding is enabled. When users connect to a remote server with ssh -A, they allow the agent on their local machine to be used for authentication to further systems | https://github.com/fazilbaig1/cve_2023_38408_scanner | PoC details |
| 9 | None | https://github.com/Nick-Morbid/cve-2023-38408 | PoC details |
| 10 | CVE-2023-38408 SSH Vulnerability Scanner & PoC | https://github.com/TX-One/CVE-2023-38408 | PoC details |
| 11 | An in-depth analysis of CVE 2023 38408, a critical OpenSSH vulnerability, including technical background, exploitation in controlled environments, and mitigation strategies. | https://github.com/Adel2411/cve-2023-38408 | PoC details |