Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
CVE-2023-6004

4.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Libssh; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 January 2024

Summary

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Affected Version(s)

libssh 0.9.8

libssh 0.10.6

References

https://access.redhat.com/security/cve/CVE-2023-6004

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2251110

issue-trackingx_refsource_REDHAT

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Nov 7, 2023

Credit

Red Hat would like to thank Norbert Pocs (libssh) and [email protected] for reporting this issue.