Safety-related information: OpenSSH vulnerability
Impact of the CVE-2023-38408 vulnerability on our products
I. Summary of the vulnerability
Publication:
19.07.2023
Description:
CVE-2023-38408: A security vulnerability exists in the OpenSSH encryption suite and tool collection. The issue stems from an insufficient fix for the CVE-2016-10009 vulnerability, which OpenSSH 7.4 was supposed to patch in 2017. The PKCS#11 feature of ssh-agent in OpenSSH versions before 9.3p2 uses an untrusted search path, which allows attackers to inject and execute malicious code if an ssh-agent is forwarded to an attacker-controlled system. Version 9.3p2 closes the vulnerability.
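The two conditions in the description (a client older than 9.3p2 and agent forwarding being enabled) can be checked on a client with the sketch below, an added example that is not part of the original advisory. The function names, banner strings and ssh_config text are constructed for illustration.

```python
import re

FIXED = (9, 3, 0, 2)  # 9.3p2 as (major, minor, micro, portable patch level)

def parse_banner(banner):
    """Version tuple from `ssh -V` output, or None if it is not OpenSSH."""
    m = re.search(r"OpenSSH_(?:for_Windows_)?(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?", banner)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def predates_fix(banner):
    """True when the banner version is older than 9.3p2.

    Distribution packages can backport the fix without changing this string,
    so True means "check the package changelog", not "confirmed vulnerable".
    """
    version = parse_banner(banner)
    return version is not None and version < FIXED

def forwarding_entries(config_text):
    """(Host/Match pattern, value) for each ForwardAgent setting other than 'no'."""
    hits, scope = [], "(global)"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key in ("host", "match"):
            scope = value
        elif key == "forwardagent" and value.lower() != "no":
            hits.append((scope, value))  # "yes", a socket path or a $VARIABLE
    return hits

# Constructed sample input (hypothetical hosts and banners).
SAMPLE_BANNERS = ["OpenSSH_9.3p1 Ubuntu-1ubuntu3, OpenSSL 3.0.10", "OpenSSH_9.3p2, OpenSSL 3.1.1"]
SAMPLE_CONFIG = """\
# constructed ssh_config fragment
Host bastion.example.test
    ForwardAgent yes
Host *.internal.example.test
    forwardagent=no
"""

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(banner.split(",")[0], "-> older than 9.3p2:", predates_fix(banner))
    for scope, value in forwarding_entries(SAMPLE_CONFIG):
        print("agent forwarding enabled for", scope, "=", value)
```

On a real client, pass the output of `ssh -V` and the contents of `~/.ssh/config` and `/etc/ssh/ssh_config` to these functions.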
II. Effects on our products
TA Triumph-Adler products are not affected by this vulnerability.