It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a forwarded agent channel could potentially use this flaw to execute arbitrary code on the system running the ssh-agent. Note that the attacker must have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent.
This issue was fixed by only allowing the loading of module from a trusted (and configurable) whitelist.
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1406296]
If we will want to fix it, we need to change the whitelist to something reasonable, because all of our PKCS#11 libraries are on x68_64 under /usr/lib64/
See the upstream discussion:
In order to exploit this flaw, the attacker needs to have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent. Because of this restriction for successful exploitation, this issue has been rated as having Moderate security impact. A future update may address this flaw.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029