UBUNTU-CVE-2023-6004
- Source
- https://ubuntu.com/security/CVE-2023-6004
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-6004.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-6004
- Related
- Published
- 2024-01-03T17:15:00Z
- Modified
- 2024-01-03T17:15:00Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
- References
-
- https://ubuntu.com/security/CVE-2023-6004
- https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
- https://www.libssh.org/security/advisories/CVE-2023-6004.txt
- https://ubuntu.com/security/notices/USN-6592-1
- https://ubuntu.com/security/notices/USN-6592-2
- https://www.cve.org/CVERecord?id=CVE-2023-6004
Affected packages
Ubuntu:Pro:16.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.6.3-4.3ubuntu0.6+esm1
Affected versions
0.*
0.6.3-3ubuntu3
0.6.3-4.1
0.6.3-4.2
0.6.3-4.2ubuntu1
0.6.3-4.3
0.6.3-4.3ubuntu0.1
0.6.3-4.3ubuntu0.2
0.6.3-4.3ubuntu0.5
0.6.3-4.3ubuntu0.6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-4"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-dbg"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-dev-dbgsym"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-gcrypt-dev"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm1",
"binary_name": "libssh-gcrypt-dev-dbgsym"
}
]
}
Ubuntu:Pro:18.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh?arch=src?distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
Affected versions
0.*
0.7.5-1
0.8.0~20170825.94fa1e38-1
0.8.0~20170825.94fa1e38-1build1
0.8.0~20170825.94fa1e38-1ubuntu0.1
0.8.0~20170825.94fa1e38-1ubuntu0.2
0.8.0~20170825.94fa1e38-1ubuntu0.5
0.8.0~20170825.94fa1e38-1ubuntu0.6
0.8.0~20170825.94fa1e38-1ubuntu0.7
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-4"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3",
"binary_name": "libssh-gcrypt-dev"
}
]
}
Ubuntu:20.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.3-2ubuntu2.5
Affected versions
0.*
0.9.0-1ubuntu1
0.9.0-1ubuntu4
0.9.0-1ubuntu5
0.9.3-2ubuntu1
0.9.3-2ubuntu2
0.9.3-2ubuntu2.1
0.9.3-2ubuntu2.2
0.9.3-2ubuntu2.3
0.9.3-2ubuntu2.4
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-4"
},
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.9.3-2ubuntu2.5",
"binary_name": "libssh-gcrypt-dev"
}
]
}
Ubuntu:22.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.6-2ubuntu0.22.04.3
Affected versions
0.*
0.9.6-1
0.9.6-1build1
0.9.6-2
0.9.6-2build1
0.9.6-2ubuntu0.22.04.1
0.9.6-2ubuntu0.22.04.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-4"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.3",
"binary_name": "libssh-gcrypt-dev"
}
]
}