Home / os / blackberry
OpenSSH Forwarded SSH-Agent Remote Code Execution
Posted on 20 July 2023
The PKCS#11 feature in ssh-agent in OpenSSH versions prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.