CVE-2023-6004: Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
First published: Wed Nov 22 2023(Updated: )
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libssh | <0.9.8 | 0.9.8 |
| redhat/libssh | <0.10.6 | 0.10.6 |
| debian/libssh | 0.9.8-0+deb11u1 0.10.6-0+deb12u1 0.11.1-1 | |
| Ubuntu | >=0.8.0<0.9.8 | |
| Ubuntu | >=0.10.0<0.10.6 | |
| Fedora | =38 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| IBM MQ | <=CD: v3.0.0, v3.0.1, v3.1.0 - 3.1.3 LTS: v2.0.0 - 2.0.22 Other Release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2 | |
| IBM MQ Advanced | <=CD: 9.3.4.0-r1, 9.3.4.1-r1,9.3.5.0-r1,9.3.5.0-r2,9.3.5.1-r1, 9.3.5.1-r2LTS: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2 Other Release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2 | |
| libssh | >=0.8.0<0.9.8 | |
| libssh | >=0.10.0<0.10.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255152
- https://access.redhat.com/errata/RHSA-2024:2504
- https://access.redhat.com/errata/RHSA-2024:3233
- https://bugzilla.redhat.com/show_bug.cgi?id=2251110
- https://access.redhat.com/security/cve/CVE-2023-6004
- https://www.libssh.org/security/advisories/CVE-2023-6004.txt
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
- https://security.netapp.com/advisory/ntap-20240223-0004/
- https://launchpad.net/bugs/cve/CVE-2023-6004
- https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
- https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19
- https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3
- https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1
- https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe
- https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901
- https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405
- https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b
- https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57
- https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921
- https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0
- https://gitlab.com/libssh/libssh-mirror/-/issues/227
- https://security-tracker.debian.org/tracker/CVE-2023-6004
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
- https://nvd.nist.gov/vuln/detail/CVE-2023-6004
- https://ubuntu.com/security/CVE-2023-6004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/275743
- https://www.ibm.com/support/pages/node/7157667 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-6004?
CVE-2023-6004 is considered a critical security vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2023-6004?
To fix CVE-2023-6004, upgrade libssh to versions 0.9.8, 0.10.6 or higher, as specified in the remediation guidelines.
What are the potential impacts of exploiting CVE-2023-6004?
Exploiting CVE-2023-6004 may allow an attacker to inject and execute malicious commands through the hostname parameter.
Which software is affected by CVE-2023-6004?
CVE-2023-6004 affects libssh versions below 0.9.8 and 0.10.6, as well as various IBM MQ products and container images.
Where can I find more details about CVE-2023-6004?
Detailed information about CVE-2023-6004 can typically be found in security advisory bulletins released by the vendors.
- collector/oss-sec
- alias/CVE-2023-51385
- alias/CVE-2023-6004
- agent/type
- agent/first-publish-date
- agent/title
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/author
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/source
- agent/description
- agent/trending
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/ibm-support
- source/IBM
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- package-manager/redhat
- package-manager/debian
- vendor/libssh
- canonical/ubuntu
- version/ubuntu/0.8.0
- version/ubuntu/0.10.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/38
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- vendor/ibm
- canonical/ibm mq
- version/ibm mq/cd: v3.0.0, v3.0.1, v3.1.0 - 3.1.3 lts: v2.0.0 - 2.0.22 other release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
- canonical/ibm mq advanced
- version/ibm mq advanced/cd: 9.3.4.0-r1, 9.3.4.1-r1,9.3.5.0-r1,9.3.5.0-r2,9.3.5.1-r1, 9.3.5.1-r2lts: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2 other release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2
- canonical/libssh
- version/libssh/0.8.0
- version/libssh/0.10.0