Описание
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
A flaw was found in OpenSSH. When specifying destination constraints while adding PKCS#11-hosted private keys, the constraints only apply to the first key even in cases where the token returns multiple keys.
Отчет
This vulnerability only applies to instances where destination constraints are defined and multiple keys are returned from a PKCS#11 token. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. The affected functionality was added only in OpenSSH 8.9, we have earlier version in Red Hat Enterprise Linux 6, 7, 8 and 9.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | openssh | Not affected | ||
| Red Hat Enterprise Linux 7 | openssh | Not affected | ||
| Red Hat Enterprise Linux 8 | openssh | Not affected | ||
| Red Hat Enterprise Linux 9 | openssh | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ...
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
EPSS
5.5 Medium
CVSS3