Home / exploitsPDF  

OpenSSH Forwarded SSH-Agent Remote Code Execution

Posted on 20 July 2023

The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

 

TOP