905299 – (CVE-2023-28531) <net-misc/openssh-9.3_p1: ssh-add adds keys without intended constraints

Bug 905299 (CVE-2023-28531) - <net-misc/openssh-9.3_p1: ssh-add adds keys without intended constraints

Summary: <net-misc/openssh-9.3_p1: ssh-add adds keys without intended constraints

Status:	RESOLVED FIXED

Alias:	CVE-2023-28531

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://www.openwall.com/lists/oss-se...
Whiteboard:	A4 [glsa+]
Keywords:

Depends on:
Blocks:

Reported:	2023-04-29 17:04 UTC by John Helmert III
Modified:	2023-07-20 02:19 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-04-29 17:04:01 UTC

CVE-2023-28531:

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

Comment 1 Larry the Git Cow gentoo-dev

2023-07-20 02:18:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=6394ef8ae23b1cf183b45b603eceea6389a3c371

commit 6394ef8ae23b1cf183b45b603eceea6389a3c371
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-07-20 02:17:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-20 02:18:28 +0000

    [ GLSA 202307-01 ] OpenSSH: Remote Code Execution
    
    Bug: https://bugs.gentoo.org/892936
    Bug: https://bugs.gentoo.org/905299
    Bug: https://bugs.gentoo.org/910553
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202307-01.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)