SUSE update for openssh

Published: 2021-12-22

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2021-28041
CWE-ID	CWE-415
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	SUSE MicroOS Operating systems & Components / Operating system SUSE Linux Enterprise Module for Desktop Applications Operating systems & Components / Operating system SUSE Linux Enterprise Module for Basesystem Operating systems & Components / Operating system SUSE Linux Enterprise Module for Server Applications Operating systems & Components / Operating system openssh-helpers-debuginfo Operating systems & Components / Operating system package or component openssh-helpers Operating systems & Components / Operating system package or component openssh-askpass-gnome-debugsource Operating systems & Components / Operating system package or component openssh-askpass-gnome-debuginfo Operating systems & Components / Operating system package or component openssh-askpass-gnome Operating systems & Components / Operating system package or component openssh-server-debuginfo Operating systems & Components / Operating system package or component openssh-server Operating systems & Components / Operating system package or component openssh-fips Operating systems & Components / Operating system package or component openssh-debugsource Operating systems & Components / Operating system package or component openssh-debuginfo Operating systems & Components / Operating system package or component openssh-common-debuginfo Operating systems & Components / Operating system package or component openssh-common Operating systems & Components / Operating system package or component openssh-clients-debuginfo Operating systems & Components / Operating system package or component openssh-clients Operating systems & Components / Operating system package or component openssh Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Double Free

EUVDB-ID: #VU51444

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28041

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ssh-agent. A remote attacker can trick the victim to connect to a server, where the attacker has root privileges, pass specially crafted data to the ssh client, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package openssh to the latest version.

Vulnerable software versions

SUSE MicroOS: 5.1

SUSE Linux Enterprise Module for Desktop Applications: 15-SP3

SUSE Linux Enterprise Module for Basesystem: 15-SP3

SUSE Linux Enterprise Module for Server Applications: 15-SP3

openssh-helpers-debuginfo: before 8.4p1-3.9.1

openssh-helpers: before 8.4p1-3.9.1

openssh-askpass-gnome-debugsource: before 8.4p1-3.9.1

openssh-askpass-gnome-debuginfo: before 8.4p1-3.9.1

openssh-askpass-gnome: before 8.4p1-3.9.1

openssh-server-debuginfo: before 8.4p1-3.9.1

openssh-server: before 8.4p1-3.9.1

openssh-fips: before 8.4p1-3.9.1

openssh-debugsource: before 8.4p1-3.9.1

openssh-debuginfo: before 8.4p1-3.9.1

openssh-common-debuginfo: before 8.4p1-3.9.1

openssh-common: before 8.4p1-3.9.1

openssh-clients-debuginfo: before 8.4p1-3.9.1

openssh-clients: before 8.4p1-3.9.1

openssh: before 8.4p1-3.9.1

CPE2.3

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20214153-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.