OpenSSH vulnerability uncovered by researchers, RCE exploit developed
Attackers can remotely manipulate common libraries to execute arbitrary code


Security researchers have uncovered a vulnerability, tracked as CVE-2023-38408, in the secure networking suite OpenSSH, which would allow hackers to remotely execute code using simple commands.
Exploitation of the vulnerability makes use of a commonly used helper program in OpenSSH called ssh-agent, which holds a user’s private keys for use in frequent, often automated, SSH public key authentication.
Administrators managing remote servers often enable ‘ssh-agent forwarding’, which allows the ssh-agent to be reached from a chosen server so that local SSH keys can be used without storing them on the server itself.
Qualys researchers discovered that when a forwarded agent is set up using default settings, with PKCS#11 enabled, it’s possible for a threat actor with a connection to the same remote server to load and unload shared libraries on a victim’s machine, with malicious side effects.
Security researchers used this technique to achieve one-shot, remote code execution (RCE) by combining just four side effects of loading and unloading common shared libraries.
Once an attacker has achieved RCE, a host of malicious actions can be undertaken including the installation of malware, carrying out a data breach, or total system takeover.
“This newly uncovered ssh-agent vulnerability underlines the continuous need for rigorous security measures and immediate response,” wrote Saeed Abbasi, manager, Vulnerability Signatures at Qualys.
“Even robust systems can harbor hidden vulnerabilities, as demonstrated by the shortcomings of the ssh-agent. Proactively rectifying such vulnerabilities through actions such as implementing patches is critical to maintaining the integrity of digital assets.”
OpenSSH is a widely-used solution for encrypted data transfer and remote logins, particularly by administrators seeking to easily manage SSH keys. It is used worldwide for secure connections.
Researchers found the default installations of Ubuntu Desktop 22.04 and 21.10 to be vulnerable and warned that other Linux distributions or operating systems could also be exploited if left unpatched.
Vulnerable OpenSSH releases include:
- 1:7.9p1-10+deb10u2
- 1:7.9p1-10+deb10u1
- 1:8.4p1-5+deb11u1
- 1:9.2p1-2
- 1:9.3p1-1
The issue has been fixed as of version 1:9.3p2-1.
OpenSSH noted that the flaw can only be exploited if specific libraries are present on the victim’s system, and that if agents are not forwarded to a hacker-compromised network, attacks cannot be achieved remotely.
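Since the remote attack path depends on agent forwarding being enabled towards a host the attacker controls, a defender's first question is which hosts in a client's ssh_config actually get `ForwardAgent yes`. The following is an added audit helper written for this article, not code from OpenSSH or Qualys; it reads a constructed ssh_config sample and applies ssh_config's own first-value-wins and `Host` pattern rules (whitespace-separated `key value` lines only; `Match` blocks are not handled).

```python
import fnmatch

# Constructed sample ~/.ssh/config for the audit; not taken from the article.
SAMPLE_CONFIG = """\
Host bastion
    HostName bastion.example.test
    ForwardAgent yes

Host *.internal.example.test !db.internal.example.test
    ForwardAgent yes

Host *
    ForwardAgent no   # default for everything else
"""

def _host_matches(patterns, host):
    """ssh_config Host semantics: a negated ('!') pattern that matches
    vetoes the whole block; otherwise any positive pattern may match."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_option(config_text, host, option):
    """Return the value ssh(1) would use for `option` when connecting to
    `host`. ssh_config keeps the FIRST value obtained, so a setting placed
    above the Host blocks silently wins over anything below it."""
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "host":
            active = _host_matches(value.split(), host)
        elif active and key == option.lower():
            return value.strip().lower()
    return None  # fall back to ssh's compiled-in default ("no" for ForwardAgent)

def hosts_with_agent_forwarding(config_text, candidate_hosts):
    """Candidate hosts for which agent forwarding is effectively enabled."""
    return [h for h in candidate_hosts
            if effective_option(config_text, h, "ForwardAgent") == "yes"]
```

Every host this returns is one whose operator could reach the local ssh-agent through the forwarded socket, so the list is the set of hosts whose trustworthiness the described vulnerability depends on.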
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.