Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-6004

Опубликовано: 03 янв. 2024
Источник: debian

Описание

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsshfixed0.10.6-1package

Примечания

  • https://www.libssh.org/security/advisories/CVE-2023-6004.txt

  • https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html

  • https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921 (libssh-0.10.6)

  • https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 (libssh-0.10.6)

  • Original patchset introduces a regression (with IPv6 parsing in ssh_options_set API):

  • https://gitlab.com/libssh/libssh-mirror/-/issues/227

Связанные уязвимости

ubuntu логотип

CVE-2023-6004

CVSS3: 4.8
ubuntu
около 2 лет назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

redhat логотип

CVE-2023-6004

CVSS3: 4.8
redhat
около 2 лет назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

nvd логотип

CVE-2023-6004

CVSS3: 4.8
nvd
около 2 лет назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

msrc логотип

CVE-2023-6004

CVSS3: 4.8
msrc
11 месяцев назад

Описание отсутствует

github логотип

GHSA-f35j-mfvw-p857

CVSS3: 3.9
github
около 2 лет назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.