CVE-2023-51384: Incomplete Destination Constraint Application in ssh-agent in OpenSSH before 9.6

In this post, we will discuss CVE-2023-51384, a vulnerability found in the ssh-agent component of OpenSSH versions before 9.6. We will provide an overview of the vulnerability, a code snippet to understand the issue, original references for more context, and details about the exploit.

Overview

The CVE-2023-51384 vulnerability was identified in ssh-agent, a component of OpenSSH, which is a widely used suite of secure networking utilities. Particularly, this vulnerability is related to the incomplete application of destination constraints when adding PKCS#11-hosted private keys.

The affected OpenSSH versions are those before 9.6. When destination constraints are specified during the addition of PKCS#11-hosted private keys, the constraints are only applied to the first key, even if the PKCS#11 token returns multiple keys. This can potentially allow an attacker to bypass these destination constraints and gain unauthorized access.

To better understand this vulnerability, let's take a look at a simplified code snippet

// Sample Code
void process_add_keys(char *token_path, char *destination_constraints) {
    int i;
    PKCS11_KEY *keys[10];

    // Load keys from the PKCS#11 token
    load_keys_from_token(token_path, keys);

    for (i = ; i < 10; i++) {
        if (keys[i] != NULL) {
            // Add key to ssh-agent
            add_key_to_agent(keys[i]);

            // Apply destination constraints only for the first key
            if (i == ) {
                apply_destination_constraints(keys[i], destination_constraints);
            }
        }
    }
}

In the code above, we can see that the process_add_keys function is meant to add keys from a PKCS#11 token to the ssh-agent. It then applies destination constraints to the loaded keys. However, the constraints are only applied to the first key (when i == ), leaving all other keys without these constraints.

For more information, you can check the following references

1. Official OpenSSH Website: https://www.openssh.com

2. OpenSSH Changelog: https://www.openssh.com/releasenotes.html

3. NIST's National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2023-51384

Exploit Details

Since the destination constraints are not applied to all keys from a PKCS#11 token, an attacker could potentially exploit the vulnerability by manipulating the order of the keys so that an unconstrained key is the second or later key. Furthermore, the attacker could create a malicious PKCS#11 token containing additional keys that are not subject to destination constraints. In both scenarios, the attacker might be able to bypass the destination constraints and gain unauthorized access to the target system.

Conclusion

CVE-2023-51384 is an important vulnerability in the ssh-agent component of OpenSSH versions before 9.6, resulting from the incomplete application of destination constraints when adding PKCS#11-hosted private keys. It is recommended that users of affected OpenSSH versions upgrade to version 9.6 or later to protect their systems from potential exploitation. Additionally, ssh-agent users should verify that the destination constraints are correctly applied to all keys when importing PKCS#11-hosted private keys.

Timeline

Published on: 12/18/2023 19:15:08 UTC
Last modified on: 01/05/2024 18:15:29 UTC