CVE-2023-51385
Published: 20 December 2023
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Notes
| Author | Note |
|---|---|
| seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssh Launchpad, Ubuntu, Debian |
bionic |
Released
(1:7.6p1-4ubuntu0.7+esm3)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(1:8.2p1-4ubuntu0.11)
|
|
| jammy |
Released
(1:8.9p1-3ubuntu0.6)
|
|
| lunar |
Released
(1:9.0p1-1ubuntu8.7)
|
|
| mantic |
Released
(1:9.3p1-1ubuntu3.2)
|
|
| noble |
Released
(1:9.6p1-3ubuntu1)
|
|
| trusty |
Needs triage
|
|
| upstream |
Released
(1:9.6p1-1)
|
|
| xenial |
Released
(1:7.2p2-4ubuntu2.10+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches: upstream: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a |
||
|
openssh-ssh1 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(frozen on openssh 7.5p)
|
|
| xenial |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |