Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-38408 PoC — OpenSSH 代码问题漏洞

Source
https://github.com/fazilbaig1/cve_2023_38408_scanner
Associated Vulnerability
Title:OpenSSH 代码问题漏洞 (CVE-2023-38408)
Description:The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Description
Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from improper validation of data when SSH agent forwarding is enabled. When users connect to a remote server with ssh -A, they allow the agent on their local machine to be used for authentication to further systems
Readme
# cve_2023_38408_scanner
Vulnerability Overview CVE-2023-38408 affects OpenSSH versions &lt; 9.3p2 

USE :python cve_2023_38408_scanner.py -t {ip} -p {port}
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →