Back to bug 2224173
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-07-20 06:12:28 UTC | Alias | CVE-2023-38408 | TRIAGE-CVE-2023-38408 |
| | | Summary | CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support | TRIAGE-CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support |
| Avinash Hanwate | 2023-07-20 06:14:26 UTC | Blocks | 2224174 | |
| Sandipan Roy | 2023-07-20 07:03:05 UTC | Alias | TRIAGE-CVE-2023-38408 | CVE-2023-38408 |
| | | Summary | TRIAGE-CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support | CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support |
| Sandipan Roy | 2023-07-20 07:03:26 UTC | Depends On | 2224179 | |
| Sandipan Roy | 2023-07-20 07:04:24 UTC | Depends On | 2224191, 2224189, 2224180, 2224182, 2224186, 2224183, 2224188, 2224190, 2224181, 2224184, 2224187 | |
| Sandipan Roy | 2023-07-20 07:09:01 UTC | Doc Text | A vulnerability was found in OpenSSH. The PKCS#11 feature in ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.). An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. | |
| Florian Weimer | 2023-07-20 12:13:40 UTC | CC | fweimer | |
| Matt | 2023-07-20 12:51:44 UTC | CC | mvanderw | |
| RaTasha Tillery-Smith | 2023-07-20 13:49:25 UTC | Doc Text | A vulnerability was found in OpenSSH. The PKCS#11 feature in ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.). An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. | A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent. |
| Kazu Yoshida | 2023-07-25 02:12:24 UTC | CC | kyoshida | |
| Flos Qi Guo | 2023-07-25 02:28:47 UTC | CC | qguo | |
| Brian McCafferty | 2023-07-25 10:11:11 UTC | CC | chaekim | |
| | | CC | bdm | |
| Srikanth Balasubramanian | 2023-07-26 05:40:55 UTC | Flags | needinfo?(dbelyavs) | |
| | | CC | sbalasub | |
| Dmitry Belyavskiy | 2023-07-26 08:13:27 UTC | Flags | needinfo?(dbelyavs) | |
| Manish Dogra | 2023-07-27 13:33:43 UTC | CC | jnoh | |
| | | CC | mdogra | |
| | | Flags | needinfo?(ahanwate) | |
| Avinash Hanwate | 2023-07-28 04:40:15 UTC | CC | saroy | |
| | | Flags | needinfo?(ahanwate) | needinfo?(saroy) |
| Avinash Hanwate | 2023-07-28 04:40:54 UTC | Comment | 7 | updated |
| Srikanth Balasubramanian | 2023-07-28 05:40:47 UTC | Flags | needinfo?(dbelyavs) | |
| Dmitry Belyavskiy | 2023-07-28 07:39:33 UTC | Flags | needinfo?(dbelyavs) | |
| Michael Nhan | 2023-07-28 13:40:43 UTC | CC | michael.n.nhan | |
| Sandipan Roy | 2023-07-31 04:47:59 UTC | Flags | needinfo?(saroy) | |
| errata-xmlrpc | 2023-07-31 09:23:13 UTC | Link ID | Red Hat Product Errata RHSA-2023:4329 | |
| errata-xmlrpc | 2023-08-01 09:16:27 UTC | Link ID | Red Hat Product Errata RHSA-2023:4381 | |
| errata-xmlrpc | 2023-08-01 09:26:10 UTC | Link ID | Red Hat Product Errata RHSA-2023:4383 | |
| errata-xmlrpc | 2023-08-01 09:31:36 UTC | Link ID | Red Hat Product Errata RHSA-2023:4384 | |
| errata-xmlrpc | 2023-08-01 09:33:27 UTC | Link ID | Red Hat Product Errata RHSA-2023:4382 | |
| errata-xmlrpc | 2023-08-01 14:02:02 UTC | Link ID | Red Hat Product Errata RHSA-2023:4412 | |
| errata-xmlrpc | 2023-08-01 14:11:15 UTC | Link ID | Red Hat Product Errata RHSA-2023:4413 | |
| errata-xmlrpc | 2023-08-01 14:30:00 UTC | Link ID | Red Hat Product Errata RHSA-2023:4419 | |
| errata-xmlrpc | 2023-08-01 15:19:22 UTC | Link ID | Red Hat Product Errata RHBA-2023:4422 | |
| errata-xmlrpc | 2023-08-02 07:56:24 UTC | Link ID | Red Hat Product Errata RHSA-2023:4428 | |
| Product Security DevOps Team | 2023-08-02 12:10:08 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2023-08-02 12:10:08 UTC | |
| errata-xmlrpc | 2023-08-02 13:34:02 UTC | Link ID | Red Hat Product Errata RHBA-2023:4433 | |
| errata-xmlrpc | 2023-08-02 14:18:13 UTC | Link ID | Red Hat Product Errata RHBA-2023:4435 | |
| errata-xmlrpc | 2023-08-02 14:18:16 UTC | Link ID | Red Hat Product Errata RHBA-2023:4434 | |
| errata-xmlrpc | 2023-08-02 15:05:11 UTC | Link ID | Red Hat Product Errata RHBA-2023:4436 | |
| errata-xmlrpc | 2023-08-03 08:41:33 UTC | Link ID | Red Hat Product Errata RHBA-2023:4452 | |
| errata-xmlrpc | 2023-08-03 08:41:41 UTC | Link ID | Red Hat Product Errata RHBA-2023:4451 | |
| errata-xmlrpc | 2023-08-03 08:46:10 UTC | Link ID | Red Hat Product Errata RHBA-2023:4450 | |
| errata-xmlrpc | 2023-08-03 09:06:13 UTC | Link ID | Red Hat Product Errata RHBA-2023:4454 | |
| errata-xmlrpc | 2023-08-03 09:07:39 UTC | Link ID | Red Hat Product Errata RHBA-2023:4453 | |
| errata-xmlrpc | 2023-08-03 13:41:43 UTC | Link ID | Red Hat Product Errata RHBA-2023:4467 | |
| errata-xmlrpc | 2023-08-03 22:47:27 UTC | Link ID | Red Hat Product Errata RHBA-2023:4477 | |
| errata-xmlrpc | 2023-08-03 22:51:53 UTC | Link ID | Red Hat Product Errata RHBA-2023:4478 | |
| errata-xmlrpc | 2023-08-03 22:52:58 UTC | Link ID | Red Hat Product Errata RHBA-2023:4479 | |
| errata-xmlrpc | 2023-08-03 22:53:13 UTC | Link ID | Red Hat Product Errata RHBA-2023:4480 | |
| errata-xmlrpc | 2023-08-03 22:53:59 UTC | Link ID | Red Hat Product Errata RHBA-2023:4481 | |
| errata-xmlrpc | 2023-08-03 22:54:52 UTC | Link ID | Red Hat Product Errata RHBA-2023:4482 | |
| errata-xmlrpc | 2023-08-03 22:55:02 UTC | Link ID | Red Hat Product Errata RHBA-2023:4483 | |
| errata-xmlrpc | 2023-08-03 22:56:04 UTC | Link ID | Red Hat Product Errata RHBA-2023:4484 | |
| errata-xmlrpc | 2023-08-07 11:42:26 UTC | Link ID | Red Hat Product Errata RHBA-2023:4502 | |
| errata-xmlrpc | 2023-08-07 13:39:40 UTC | Link ID | Red Hat Product Errata RHBA-2023:4503 | |
| errata-xmlrpc | 2023-08-07 13:39:45 UTC | Link ID | Red Hat Product Errata RHBA-2023:4504 | |
| errata-xmlrpc | 2023-08-07 15:10:29 UTC | Link ID | Red Hat Product Errata RHBA-2023:4510 | |
| errata-xmlrpc | 2023-08-08 08:10:28 UTC | Link ID | Red Hat Product Errata RHBA-2023:4542 | |
| errata-xmlrpc | 2023-08-09 09:09:19 UTC | Link ID | Red Hat Product Errata RHBA-2023:4589 | |
| errata-xmlrpc | 2023-08-09 15:09:53 UTC | Link ID | Red Hat Product Errata RHBA-2023:4593 |