VID 14158
Severity 40
Port 22
Protocol TCP
Class SSH
Detailed Description The version of OpenSSH installed on the remote host is prior to 9.3. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.3 advisory.

- ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. (CVE-2023-28531)

- ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of-service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records.
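
As an added example, not part of this entry or of OpenSSH itself, the shell functions below check the two conditions described above: whether a version string or banner is older than 9.3, and whether the client configuration printed by `ssh -G` has VerifyHostKeyDNS enabled. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage a host against the OpenSSH < 9.3 issues described above.
# Function names and verdict strings are hypothetical, chosen for this example.

# Exit 0 if the version string or SSH banner is older than 9.3, 1 if it is
# 9.3 or later, 2 if no OpenSSH version can be parsed from it.
# Accepts e.g. "OpenSSH_9.2p1 Debian-2" or "SSH-2.0-OpenSSH_8.9p1".
openssh_older_than_9_3() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                      # split "major minor" into $1 and $2
    major=$1; minor=$2
    [ "$major" -lt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -lt 3 ]; }
}

# Read `ssh -G <host>` output on stdin. Exit 0 if VerifyHostKeyDNS is on,
# i.e. the client will fetch SSHFP records, which is the only code path that
# calls getrrsetbyname(3). "yes" is accepted as well as "true" and "ask".
verifyhostkeydns_enabled() {
    awk 'tolower($1) == "verifyhostkeydns" { v = tolower($2) }
         END { exit !(v == "true" || v == "yes" || v == "ask") }'
}

# $1 = version string, stdin = `ssh -G <host>` output. Prints one verdict line.
# This cannot tell whether the bundled getrrsetbyname(3) replacement was
# compiled in (libc lacks it and no --with-ldns); it only reports whether the
# feature that reaches it is enabled.
triage() {
    rc=0
    openssh_older_than_9_3 "$1" || rc=$?
    case $rc in
        2) echo "unknown-version"; return 0 ;;
        1) echo "fixed"; return 0 ;;
    esac
    if verifyhostkeydns_enabled; then
        echo "upgrade: VerifyHostKeyDNS on"
    else
        echo "upgrade: VerifyHostKeyDNS off"
    fi
}

# Live use on a client (host name is a placeholder):
#   ssh -G host.example | triage "$(ssh -V 2>&1)"
```

A version older than 9.3 always yields an "upgrade" verdict, since CVE-2023-28531 depends on how keys were added with ssh-add rather than on any configuration setting.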

* References:
https://www.openssh.com/txt/release-9.3

* Platforms Affected:
OpenSSH prior to 9.3
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of OpenSSH (9.3 or later), available from the OpenSSH Web site at http://www.openssh.org/
Related URL CVE-2023-28531 (CVE)