Bug 2251110 (CVE-2023-6004) - CVE-2023-6004 libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
Summary: CVE-2023-6004 libssh: ProxyCommand/ProxyJump features allow injection of mali...
Keywords:
Status: NEW
Alias: CVE-2023-6004
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2255152
Blocks: 2251111
TreeView+ depends on / blocked
 
Reported: 2023-11-22 23:23 UTC by Anten Skrabec
Modified: 2024-05-22 10:19 UTC (History)
2 users (show)

Fixed In Version: libssh 0.9.8, libssh 0.10.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2504 0 None None None 2024-04-30 11:01:03 UTC
Red Hat Product Errata RHSA-2024:3233 0 None None None 2024-05-22 10:19:53 UTC

Description Anten Skrabec 2023-11-22 23:23:13 UTC
Using the ProxyCommand or the ProxyJump feature enables users to exploit
unchecked hostname syntax on the client, which enables to inject malicious code
into the command of the above-mentioned features through the hostname parameter.

User interaction is required to exploit this issue.

Comment 2 Anten Skrabec 2023-12-18 22:29:41 UTC
Created libssh tracking bugs for this issue:

Affects: fedora-all [bug 2255152]

Comment 4 errata-xmlrpc 2024-04-30 11:01:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2504 https://access.redhat.com/errata/RHSA-2024:2504

Comment 5 errata-xmlrpc 2024-05-22 10:19:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3233 https://access.redhat.com/errata/RHSA-2024:3233


Note You need to log in before you can comment on or make changes to this bug.