UBUNTU-CVE-2023-51385 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2023-51385

MEDIUM6.5

Published Dec 20, 2023

Modified 9 months ago

Fix available

Details

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Affected Packages(23 packages)

openssh

Ubuntu 22.04 LTS

Affected versions:

1:8.4p1-6ubuntu21:8.7p1-21:8.7p1-2build11:8.7p1-41:8.8p1-11:8.9p1-31:8.9p1-3ubuntu0.11:8.9p1-3ubuntu0.31:8.9p1-3ubuntu0.41:8.9p1-3ubuntu0.5

Fixed in:

1:8.9p1-3ubuntu0.6

openssh

Ubuntu FIPS-updates 18.04 LTS

Affected versions:

1:7.9p1-10~ubuntu18.04.fips.0.11:7.9p1-10~ubuntu18.04.fips.0.21:7.9p1-10~ubuntu18.04.fips.0.31:7.9p1-10~ubuntu18.04.fips.0.41:7.9p1-10~ubuntu18.04.fips.0.51:7.9p1-10~ubuntu18.04.fips.0.61:7.9p1-10~ubuntu18.04.fips.0.71:7.9p1-10~ubuntu18.04.fips.0.8

openssh

Ubuntu Pro FIPS 16.04 LTS

Affected versions:

1:7.2p2-4ubuntu2.fips.2.10.11:7.2p2-4ubuntu2.fips.2.10.21:7.2p2-4ubuntu2.fips.2.10.31:7.2p2-4ubuntu2.fips.2.10.41:7.2p2-4ubuntu2.fips.2.10.51:7.2p2-4ubuntu2.fips.2.2.31:7.2p2-4ubuntu2.fips.2.4.11:7.2p2-4ubuntu2.fips.2.4.21:7.2p2-4ubuntu2.fips.2.8.1

Fixed in:

1:7.2p2-4ubuntu2.fips.2.10.6

openssh

Ubuntu Pro FIPS 16.04 LTS

Affected versions:

1:7.2p2-4ubuntu2.fips.2.10.11:7.2p2-4ubuntu2.fips.2.21:7.2p2-4ubuntu2.fips.2.2.1

openssh

Ubuntu Pro 18.04 LTS

Affected versions:

1:7.5p1-101:7.6p1-41:7.6p1-4ubuntu0.11:7.6p1-4ubuntu0.21:7.6p1-4ubuntu0.31:7.6p1-4ubuntu0.51:7.6p1-4ubuntu0.61:7.6p1-4ubuntu0.71:7.6p1-4ubuntu0.7+esm11:7.6p1-4ubuntu0.7+esm2

Fixed in:

1:7.6p1-4ubuntu0.7+esm3

openssh

Ubuntu FIPS 20.04 LTSUbuntu Pro FIPS 20.04 LTS

Affected versions:

1:8.2p1-4ubuntu0.fips.0.2.1

openssh

Ubuntu Pro FIPS-updates 18.04 LTS

Affected versions:

Fixed in:

1:7.9p1-10~ubuntu18.04.fips.0.9

openssh

Ubuntu Pro FIPS 18.04 LTSUbuntu FIPS 18.04 LTS

Affected versions:

1:7.9p1-10~ubuntu18.04.fips.0.11:7.9p1-10~ubuntu18.04.fips.0.2

openssh

Ubuntu 20.04 LTS

Affected versions:

1:8.0p1-6build11:8.1p1-11:8.1p1-51:8.2p1-41:8.2p1-4ubuntu0.11:8.2p1-4ubuntu0.101:8.2p1-4ubuntu0.21:8.2p1-4ubuntu0.31:8.2p1-4ubuntu0.41:8.2p1-4ubuntu0.5+3 more

Fixed in:

1:8.2p1-4ubuntu0.11

openssh

Ubuntu FIPS-updates 20.04 LTS

Affected versions:

1:8.2p1-4ubuntu0.fips.0.101:8.2p1-4ubuntu0.fips.0.2.11:8.2p1-4ubuntu0.fips.0.4.01:8.2p1-4ubuntu0.fips.0.5.01:8.2p1-4ubuntu0.fips.0.71:8.2p1-4ubuntu0.fips.0.81:8.2p1-4ubuntu0.fips.0.9

References

REPORT

https://ubuntu.com/security/CVE-2023-51385

REPORT

https://ubuntu.com/security/notices/USN-6560-2

REPORT

https://ubuntu.com/security/notices/USN-6560-3

REPORT

https://ubuntu.com/security/notices/USN-6565-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2023-51385

REPORT