Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2023-38408 PoC — OpenSSH 代码问题漏洞

Source
https://github.com/fazilbaig1/cve_2023_38408_scanner
Associated Vulnerability
Title:OpenSSH 代码问题漏洞 (CVE-2023-38408)
Description:The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Description
Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from improper validation of data when SSH agent forwarding is enabled. When users connect to a remote server with ssh -A, they allow the agent on their local machine to be used for authentication to further systems
Readme
# cve_2023_38408_scanner
Vulnerability Overview CVE-2023-38408 affects OpenSSH versions &lt; 9.3p2 

USE :python cve_2023_38408_scanner.py -t {ip} -p {port}
File Snapshot

 [4.0K]  /data/pocs/70c87b9a220f7626292d26f665497783edb70aa3
├── [2.2K]  cve_2023_38408_scanner.py
└── [ 157]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →