
Critical OpenSSH vulnerability CVE-2023-38408 allows remote command injection on Linux systems
A new vulnerability, CVE-2023-38408, has been found in OpenSSH that could allow remote command injection on compromised Linux systems under certain circumstances. The flaw affects all versions of OpenSSH up to 9.3p2 and could let a remote attacker execute arbitrary commands through the forwarded ssh-agent of vulnerable systems.
For the vulnerability to be exploited, specific libraries must be present on the victim's system, and the SSH authentication agent must be forwarded to a system controlled by the attacker. The SSH agent is a background program that keeps user keys in memory so that remote logins do not require re-entering the passphrase. Through the forwarded agent, the attacker can make an ssh-agent compiled with ENABLE_PKCS11 (the default setting) load and unload shared libraries.
Cybersecurity company Qualys has demonstrated a working proof-of-concept exploit on default installations of Ubuntu Desktop 22.04 and 21.10, which implies that other Linux distributions may also be susceptible. Following the discovery, OpenSSH users are advised to update to the latest version.
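The two exposure conditions above (an unpatched OpenSSH build and agent forwarding to a host you do not control) can be audited locally. The following script is an added example, not Qualys's or the OpenSSH project's code; it assumes 9.3p2 is the first patched release and works on constructed sample `ssh -V` and `ssh_config` input:

```python
import re

# Constructed sample of `ssh -V` output (not captured from a real host).
SAMPLE_SSH_V = "OpenSSH_9.3p1, OpenSSL 3.0.2 15 Mar 2022"

# Constructed ~/.ssh/config sample with two entries that forward the agent.
SAMPLE_CONFIG = """
Host *
    ForwardAgent no        # safe default for every host

Host bastion
    HostName bastion.example.com
    ForwardAgent yes       # agent exposed to whoever controls this host

Host build-*
    forwardagent=YES       # keyword and value are case-insensitive
"""

_VER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_openssh_version(banner: str) -> tuple[int, int, int]:
    """Turn 'OpenSSH_9.3p1, ...' into (9, 3, 1); a missing portable level is 0."""
    m = _VER_RE.search(banner)
    if not m:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    major, minor, portable = m.groups()
    return int(major), int(minor), int(portable or 0)

def is_affected(version: tuple[int, int, int], fixed=(9, 3, 2)) -> bool:
    """Assumption: 9.3p2 is the first release carrying the fix."""
    return version < fixed

def forward_agent_hosts(config_text: str) -> list[str]:
    """Return the Host patterns whose block sets ForwardAgent to yes."""
    risky, current = [], "(global)"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        # ssh_config accepts both "Key value" and "Key=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            current = value
        elif key == "forwardagent" and value.strip().lower() == "yes":
            risky.append(current)
    return risky

def audit(banner: str = SAMPLE_SSH_V, config_text: str = SAMPLE_CONFIG) -> dict:
    """Summarise both exposure conditions for a host."""
    version = parse_openssh_version(banner)
    return {"version": version, "unpatched": is_affected(version),
            "forwarding_to": forward_agent_hosts(config_text)}
```

Any host pattern listed under `forwarding_to` is one where a compromised remote end could reach the local agent, so pair the version update with removing `ForwardAgent yes` for hosts that are not fully trusted.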
