OpenSSH Vulnerabilities on RSA Authentication Manager 8.8 - CVE-2023-51385, CVE-2023-51767, CVE-2023-51384
1. OpenSSH OS Command Injection Vulnerability (CVE-2023-51385)
CVE-2023-51385
NVD Base Score: 6.5
SUSE Base Score: 6.5
Description:
In OpenSSH, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations.
Affected Versions:
OpenSSH versions prior to 9.6
2. OpenSSH Authentication Bypass Vulnerability (CVE-2023-51767)
CVE-2023-51767
NVD Base Score: 7.0
SUSE Base Score: 4.7
Description:
OpenSSH, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit.
Affected Versions:
OpenSSH up to version 9.6
3. OpenSSH Incomplete Constraints Sensitive Information Disclosure Vulnerability (CVE-2023-51384)
CVE-2023-51384
NVD Base Score: 5.5
SUSE Base Score: 4.4
Description:
In ssh-agent in OpenSSH, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Affected Versions:
OpenSSH versions prior to 9.6
As per SUSE:
CVE-2023-51385 - Fixed. The equivalent released patch is already present on the system:
rsaadmin@bham:~> rpm -qa --changelog |grep -i CVE-2023-51385
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
CVE-2023-51767 - Won't Fix
"This vulnerability is exploitable only in specific lab type environment. They are harder to exploit and would require special configuration cases to be exploited anyways. In this case the attack relies on code changes to OpenSSH itself."
Note regarding this CVE from the OpenSSH maintainers:
> CVE-2023-51767
>
> Upstream openssh maintainers dispute the likelihood of this bug as it was
> tested against a modified ssh. Quote from Damien Miller - "achieving the
> timing required to successfully exploit is close to impossible in the real
> world."
CVE-2023-51384 - Not impacted
The destination constraints for PKCS#11 modules were only added in 9.3p1 and have not been backported by SUSE to older versions. The vulnerability therefore does not impact older versions, as they do not offer this security constraint.
Note: because the feature was only added in recent OpenSSH versions, the security problem does not apply to versions earlier than 9.3p1.
The OpenSSH version on RSA Authentication Manager 8.8 is OpenSSH_8.4p1
rsaadmin@bham:~> ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150400.7.75.1
RSA Authentication Manager 8.8 is not impacted by these OpenSSH vulnerabilities.
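The triage reasoning used above (backport present in the changelog, feature absent before 9.3p1, fixed in 9.6) can be scripted for scanner findings. This is an added example, not RSA or SUSE code; the function names and result labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the three CVEs from an `ssh -V` banner and the
# package changelog text. On a live system (ssh -V writes to stderr):
#   triage CVE-2023-51385 "$(ssh -V 2>&1)" "$(rpm -qa --changelog)"

# Print "major minor" parsed from a banner such as "OpenSSH_8.4p1, ...".
ssh_ver() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# ver_lt MAJ MIN MAJ2 MIN2: succeeds when MAJ.MIN is older than MAJ2.MIN2.
ver_lt() {
    [ "$1" -lt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ]; }
}

# triage CVE BANNER CHANGELOG prints one of (labels are hypothetical):
#   patched | not-applicable | affected | not-affected | disputed | unknown
triage() {
    cve=$1; banner=$2; changelog=$3
    set -- $(ssh_ver "$banner")
    [ $# -eq 2 ] || { echo unknown; return; }
    maj=$1; min=$2
    # A distribution backport appears as the CVE id in the changelog.
    if printf '%s\n' "$changelog" | grep -qiF "$cve"; then
        echo patched; return
    fi
    case $cve in
    CVE-2023-51384)
        # PKCS#11 destination constraints exist only from 9.3p1 onward.
        if ver_lt "$maj" "$min" 9 3; then echo not-applicable
        elif ver_lt "$maj" "$min" 9 6; then echo affected
        else echo not-affected; fi ;;
    CVE-2023-51385)
        if ver_lt "$maj" "$min" 9 6; then echo affected
        else echo not-affected; fi ;;
    CVE-2023-51767)
        # Listed for versions up to 9.6; upstream disputes it, SUSE won't fix.
        if ver_lt "$maj" "$min" 9 7; then echo disputed
        else echo unknown; fi ;;
    *) echo unknown ;;
    esac
}
```

A version banner alone reports CVE-2023-51385 as affected on 8.4p1; the changelog check is what distinguishes a backported fix from a genuinely unpatched package.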