CVE-2023-38408
Description
OpenSSH ssh-agent before 9.3p2 enables RCE via forwarded agent by loading arbitrary libraries from /usr/lib through PKCS#11, due to incomplete fix for CVE-2016-10009.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The PKCS#11 feature in ssh-agent (compiled with ENABLE_PKCS11, which is the default) allows loading shared libraries through the SSH_AGENTC_ADD_SMARTCARD_KEY command. Due to an insufficiently trustworthy search path, an attacker can force the agent to load and immediately unload (dlopen()/dlclose()) any shared library from /usr/lib* on the host where the agent is running. This was an incomplete fix for CVE-2016-10009. Affected versions include OpenSSH before 9.3p2 [1][4].
Exploitation
An attacker with access to a remote server where the victim's ssh-agent is forwarded (via -A or ForwardAgent) can send a series of SSH_AGENTC_ADD_SMARTCARD_KEY requests. By carefully choosing libraries, the attacker can trigger a use-after-free: first load a library that registers a signal handler (e.g., SIGBUS), then load a second library that overwrites that handler's code, and finally load a library that causes a SIGBUS, jumping to attacker-controlled code. This technique exploits the fact that dlclose() does not always unmap libraries due to the NODELETE flag, and that many libraries have constructor/destructor side effects [3][4].
Impact
Successful exploitation achieves remote code execution on the victim's workstation where ssh-agent is running, at the privilege level of the user running the agent. The attacker can then access the user's private keys, execute arbitrary commands, and potentially pivot to other systems. The compromise is stealthy because the agent process terminates on error after the attack [4].
Mitigation
The vulnerability is fixed in OpenSSH version 9.3p2, released on July 19, 2023. Users should update their OpenSSH packages immediately. As a workaround, administrators can disable agent forwarding (ForwardAgent no) or use jump hosts (-J) instead of forwarding the agent [1][4].
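A defender-side check for the mitigations above, added here as an example (it is not code from the CVE record or from OpenSSH): it flags upstream version banners older than 9.3p2 and lists the ssh_config blocks that leave agent forwarding enabled. The sample config and host names are constructed; distribution packages backport the fix under older version numbers, so packaged builds should be compared against the vendor ranges under Affected products rather than the upstream number.

```python
import re

FIXED_UPSTREAM = (9, 3, 2)  # 9.3p2, the fixed upstream release named above

def parse_banner(banner):
    """Parse `ssh -V` style text, e.g. 'OpenSSH_9.3p1, OpenSSL 3.0.9'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if m is None:
        raise ValueError("no OpenSSH version in banner: %r" % banner)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def upstream_vulnerable(banner):
    """True when an upstream (non-backported) build predates 9.3p2."""
    return parse_banner(banner) < FIXED_UPSTREAM

def forwarding_blocks(config_text):
    """Return (block, value) pairs where ForwardAgent is not 'no'/'false'.

    ForwardAgent also accepts a socket path or a $VARIABLE name; both
    enable forwarding, so any other value is reported.
    """
    block, hits = "(top of file)", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Keyword value" and "Keyword=value".
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)$", line)
        if m is None:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            block = "%s %s" % (m.group(1), value)
        elif key == "forwardagent" and value.lower() not in ("no", "false"):
            hits.append((block, value))
    return hits

# Constructed sample ssh_config (hypothetical host names), not from the page.
SAMPLE_CONFIG = """\
# personal config
Host bastion.example.org
    ForwardAgent yes
Host build-*
    forwardagent=no
    ProxyJump bastion.example.org
Host legacy
    ForwardAgent $SSH_AUTH_SOCK
"""

if __name__ == "__main__":
    for block, value in forwarding_blocks(SAMPLE_CONFIG):
        print("agent forwarding enabled in [%s]: ForwardAgent %s" % (block, value))
```

The parser reports every block that sets the option; because ssh_config uses the first value obtained for a host, confirm the effective setting for a given destination with `ssh -G <host>`.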
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (86)
- OpenSSH/OpenSSH (description)
  - Range: < 9.3p2
- osv-coords, 84 versions (no CPE for any entry):
  - pkg:apk/chainguard/openssh, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-client, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-doc, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-keygen, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-keyscan, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-keysign, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-pam-config, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-pam-configuration, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-pkcs11-helper, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-server, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-server-config, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-service, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-sftp-server, range: < 9.3_p2-r0
  - pkg:apk/chainguard/openssh-sk-helper, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-client, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-doc, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-keygen, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-keyscan, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-keysign, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-pam-config, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-pam-configuration, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-pkcs11-helper, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-server, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-server-config, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-service, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-sftp-server, range: < 9.3_p2-r0
  - pkg:apk/wolfi/openssh-sk-helper, range: < 9.3_p2-r0
  - pkg:rpm/almalinux/openssh, range: < 8.7p1-30.el9_2
  - pkg:rpm/almalinux/openssh-askpass, range: < 8.7p1-30.el9_2
  - pkg:rpm/almalinux/openssh-cavs, range: < 8.0p1-19.el8_8
  - pkg:rpm/almalinux/openssh-clients, range: < 8.7p1-30.el9_2
  - pkg:rpm/almalinux/openssh-keycat, range: < 8.7p1-30.el9_2
  - pkg:rpm/almalinux/openssh-ldap, range: < 8.0p1-19.el8_8
  - pkg:rpm/almalinux/openssh-server, range: < 8.7p1-30.el9_2
  - pkg:rpm/almalinux/pam_ssh_agent_auth, range: < 0.10.4-5.30.el9_2
  - pkg:rpm/opensuse/openssh-askpass-gnome&distro=openSUSE%20Leap%2015.4, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/opensuse/openssh-askpass-gnome&distro=openSUSE%20Leap%2015.5, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.4, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.5, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%20Micro%205.3, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/opensuse/openssh&distro=openSUSE%20Tumbleweed, range: < 9.3p2-1.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Enterprise%20Storage%207, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Enterprise%20Storage%207.1, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 7.9p1-150100.6.31.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL, range: < 7.2p2-74.63.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 7.2p2-81.4.2
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 7.9p1-150100.6.31.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 7.2p2-81.4.2
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 7.9p1-150100.6.31.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Enterprise%20Storage%207, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Enterprise%20Storage%207.1, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 7.9p1-150100.6.31.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.1, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL, range: < 7.2p2-74.63.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 7.2p2-81.4.2
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 7.9p1-150100.6.31.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 7.2p2-81.4.2
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 7.9p1-150100.6.31.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 8.1p1-150200.5.37.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Manager%20Proxy%204.2, range: < 8.4p1-150300.3.22.1
  - pkg:rpm/suse/openssh&distro=SUSE%20Manager%20Server%204.2, range: < 8.4p1-150300.3.22.1
Patches
No patches discovered yet.
References (20)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202307-01 (mitre, vendor-advisory)
- www.openwall.com/lists/oss-security/2023/07/20/1 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2023/07/20/2 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2023/09/22/11 (mitre, mailing-list)
- www.openwall.com/lists/oss-security/2023/09/22/9 (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2023/08/msg00021.html (mitre, mailing-list)
- packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html (mitre)
- blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent (mitre)
- github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8 (mitre)
- github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d (mitre)
- github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca (mitre)
- news.ycombinator.com/item (mitre)
- security.netapp.com/advisory/ntap-20230803-0010/ (mitre)
- support.apple.com/kb/HT213940 (mitre)
- www.openssh.com/security.html (mitre)
- www.openssh.com/txt/release-9.3p2 (mitre)
- www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt (mitre)
- www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408 (mitre)