Описание
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.
Отчет
The ability to execute OS commands is dependent on what quoting is present in the user-supplied ssh_config directive. However, it is generally the user's responsibility to validate arguments passed to SSH.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | openssh | Out of support scope | ||
| Red Hat Enterprise Linux 7 | openssh | Out of support scope | ||
| Red Hat Enterprise Linux 8 | openssh | Fixed | RHSA-2024:0606 | 30.01.2024 |
| Red Hat Enterprise Linux 8 | openssh | Fixed | RHSA-2024:0606 | 30.01.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | openssh | Fixed | RHSA-2024:0429 | 25.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | openssh | Fixed | RHSA-2024:0594 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | openssh | Fixed | RHSA-2024:1130 | 05.03.2024 |
| Red Hat Enterprise Linux 9 | openssh | Fixed | RHSA-2024:1130 | 05.03.2024 |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | openssh | Fixed | RHSA-2026:1790 | 03.02.2026 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | openssh | Fixed | RHSA-2024:0455 | 25.01.2024 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...
6.5 Medium
CVSS3