CVE-2023-38408

Description

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

POC

Reference

- http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html

- https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

- https://news.ycombinator.com/item?id=36790196

- https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408

Github

- https://github.com/0xfke/500-free-TryHackMe-rooms

- https://github.com/0xor0ne/awesome-list

- https://github.com/5thphlame/Free-Rooms-TryHackMe

- https://github.com/ARESHAmohanad/THM

- https://github.com/ARESHAmohanad/tryhackme

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/Adel2411/cve-2023-38408

- https://github.com/Adel2411/cyber-combat

- https://github.com/Aijoo100/Aijoo100

- https://github.com/AlienTec1908/Magifi_HackMyVM_Hard

- https://github.com/ButchBytes-sec/TryHackMe

- https://github.com/Dh4v4l8/TRYHACKME-ROOMS

- https://github.com/FarelRA/MKM_ssh

- https://github.com/FirikiIntelligence/Courses

- https://github.com/Hunterdii/TryHackMe-Roadmap

- https://github.com/Hunterdii/tryhackme-free-rooms

- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2

- https://github.com/LucasPDiniz/CVE-2023-38408

- https://github.com/LucasPDiniz/StudyRoom

- https://github.com/Magisk-Modules-Repo/ssh

- https://github.com/Manjunath-Malagundla/itsecgames-assignment

- https://github.com/Maribel0370/Nebula-io

- https://github.com/MinLouisCyber/500-free-TryHackMe-rooms

- https://github.com/NeoOniX/5ATTACK

- https://github.com/Nick-Morbid/cve-2023-38408

- https://github.com/Osama-Montaser/DEPI_Project

- https://github.com/Ossito/pentest-notes

- https://github.com/Rld2303/Enterprise-Vulnerability-Assessment

- https://github.com/Rogilio/Hardening

- https://github.com/Shayanschakravarthy/tryhackme-free-rooms

- https://github.com/Shinbatsu/awesome-tryhackme

- https://github.com/Shinbatsu/tryhackme-awesome

- https://github.com/SinMaven/BugSauce

- https://github.com/SourcePointSecurity/SwampScan

- https://github.com/TX-One/CVE-2023-38408

- https://github.com/Threekiii/CVE

- https://github.com/a-s-m-asadujjaman/exploitables

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/akyuksel/tryhackme-all-rooms-database

- https://github.com/alvarigno/ChocolateFire-DockerLab

- https://github.com/alvarigno22/ChocolateFire-DockerLab

- https://github.com/alvarigno22/NodeClimb-DockerLab

- https://github.com/amirphl/atlas

- https://github.com/aneasystone/github-trending

- https://github.com/bachkhoasoft/awesome-list-ks

- https://github.com/blessing-gao/SecurityPatcher

- https://github.com/bollwarm/SecToolSet

- https://github.com/boniyeamincse/tryhackmefreeroom

- https://github.com/byfranke/Estudo_de_Casos_HdB

- https://github.com/classic130/CVE-2023-38408

- https://github.com/dasarivarunreddy/free-rooms-tryhackme

- https://github.com/djalilayed/tryhackme

- https://github.com/dreizehnutters/nmap2csv

- https://github.com/edwinantony1995/Tryhackme

- https://github.com/fazilbaig1/cve_2023_38408_scanner

- https://github.com/firatesatoglu/iot-searchengine

- https://github.com/gopal1008/Task-1

- https://github.com/grisuno/LazyOwn

- https://github.com/hackingyseguridad/ssha

- https://github.com/imsalimansari/Try-Hack-Me-Roadmap

- https://github.com/johe123qwe/github-trending

- https://github.com/kalaiyarasan10203/ELEVATE_LABS_INTERNTASKS-NO-1

- https://github.com/kali-mx/CVE-2023-38408

- https://github.com/krazystar55/tryhackme

- https://github.com/krlabs/openssh-vulnerabilities

- https://github.com/lekctut/sdb-hw-13-01

- https://github.com/megabyte-b/Project-Ares

- https://github.com/mrtacojr/CVE-2023-38408

- https://github.com/nanasarpong024/tryhackme

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/ochysbliss/My-Tryhackme-

- https://github.com/okostine-panw/pc_scripts

- https://github.com/omaradds1/THM

- https://github.com/pawan-shivarkar/List-of-CVE-s-

- https://github.com/pawan-shivarkar/pawan-shivarkar

- https://github.com/pedr0alencar/vlab-metasploitable2

- https://github.com/pentestfunctions/thm-room-points

- https://github.com/phanfivequ/xinminxuehui-milou-d46T7p3s8FIwKQp0

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/rishabatra1802/TryHackMe_FreeRooms

- https://github.com/scmanjarrez/CVEScannerV2

- https://github.com/scmanjarrez/test

- https://github.com/sengpakrenha/tryhackeme

- https://github.com/snowcra5h/CVE-2023-38408

- https://github.com/testing-felickz/docker-scout-demo

- https://github.com/thesakibrahman/THM-Free-Room

- https://github.com/thmrevenant/tryhackme

- https://github.com/usd877/Penetration-Testing

- https://github.com/wooflock/nmap-airgapped-vulnscan

- https://github.com/wxrdnx/CVE-2023-38408