OpenSSH Vulnerabilities on RSA Authentication Manager 8.8 - CVE-2023-51385, CVE-2023-51767, CVE-2023-51384
1. OpenSSH OS Command Injection Vulnerability (CVE-2023-51385)
CVE-2023-51385
NVD Base Score: 6.5
SUSE Base Score: 6.5
Description:
In OpenSSH, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations.
Affected Versions:
OpenSSH versions prior to 9.6
2. OpenSSH Authentication Bypass Vulnerability (CVE-2023-51767)
CVE-2023-51767
NVD Base Score: 7.0
SUSE Base Score: 4.7
Description:
OpenSSH, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit.
Affected Versions:
OpenSSH up to version 9.6
3. OpenSSH Incomplete Constraints Sensitive Information Disclosure Vulnerability (CVE-2023-51384)
CVE-2023-51384
NVD Base Score: 5.5
SUSE Base Score: 4.4
Description:
In ssh-agent in OpenSSH, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Affected Versions:
OpenSSH versions prior to 9.6
As per SUSE,
CVE-2023-51385 - Fixed. The equivalent patch has been released and is already present on the system:
rsaadmin@bham:~> rpm -qa --changelog |grep -i CVE-2023-51385
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
CVE-2023-51767 - Won't Fix
"This vulnerability is exploitable only in specific lab type environment. They are harder to exploit and would require special configuration cases to be exploited anyways. In this case the attack relies on code changes to OpenSSH itself."
Note regarding this CVE from the OpenSSH maintainers:
> CVE-2023-51767
>
> Upstream openssh maintainers dispute the likelihood of this bug as it was
> tested against a modified ssh. Quote from Damien Miller - "achieving the
> timing required to successfully exploit is close to impossible in the real
> world."
CVE-2023-51384 - Not impacted
The destination constraints for PKCS11 modules have only been added in 9.3p1, and have not been backported by SUSE to older versions. So the security vulnerability does not impact older versions, as they do not offer this security constraint.
Note: the feature was only added in recent OpenSSH versions; the security problem does not apply to versions earlier than 9.3p1.
The OpenSSH version on RSA Authentication Manager 8.8 is OpenSSH_8.4p1
rsaadmin@bham:~> ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150400.7.75.1
RSA Authentication Manager 8.8 is not impacted by OpenSSH Vulnerabilities
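The two checks used above (the package changelog and `ssh -V`) can be combined into one triage script. This is an added example, not part of the original article or of any RSA or SUSE tooling; the function names `openssh_version`, `version_ge` and `triage` are hypothetical, and it assumes the distribution has not backported the PKCS#11 destination-constraint feature to versions below 9.3.

```shell
#!/bin/sh
# Added example: triage the three CVEs from an `ssh -V` banner and RPM changelog text.
# Sample inputs are copied from the terminal output shown in this article.
SAMPLE_VERSION='OpenSSH_8.4p1, OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150400.7.75.1'
SAMPLE_CHANGELOG='- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).'

# Print "MAJOR.MINOR" parsed from an `ssh -V` banner, e.g. "8.4"; prints nothing if unparsable.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Succeed if version $1 >= version $2 (both MAJOR.MINOR, compared numerically).
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ] && return 0
    return 1
}

# Print the status of CVE $1 given the banner ($2) and changelog text ($3).
# Assumption: a version number alone cannot prove a backported fix, so the changelog decides.
triage() {
    ver=$(openssh_version "$2")
    [ -n "$ver" ] || { echo "unknown (unparsable version)"; return 0; }
    case "$1" in
        CVE-2023-51385)
            # Fixed upstream in 9.6; older packages are fixed only if the patch is listed.
            if version_ge "$ver" 9.6; then echo "fixed (upstream)"
            elif printf '%s\n' "$3" | grep -qiF -- "$1"; then echo "fixed (backported patch)"
            else echo "affected"; fi ;;
        CVE-2023-51384)
            # PKCS#11 destination constraints exist only from 9.3p1 onward.
            if version_ge "$ver" 9.6; then echo "fixed (upstream)"
            elif version_ge "$ver" 9.3; then echo "affected"
            else echo "not impacted (feature absent)"; fi ;;
        CVE-2023-51767)
            echo "won't fix (per SUSE)" ;;
        *) echo "unknown CVE" ;;
    esac
}

for cve in CVE-2023-51385 CVE-2023-51767 CVE-2023-51384; do
    printf '%s: %s\n' "$cve" "$(triage "$cve" "$SAMPLE_VERSION" "$SAMPLE_CHANGELOG")"
done
```

On a live system, replace the two sample variables with `$(ssh -V 2>&1)` and the output of the `rpm -qa --changelog` command shown above.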