#VU81427 UNIX symbolic link following in Apache Mina SSHD - CVE-2023-35887

Cybersecurity Help s.r.o.

Published: 2023-10-03

Vulnerability identifier: #VU81427

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35887

CWE-ID: CWE-61

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Mina SSHD
Server applications / Remote management servers, RDP, SSH

Vendor: Apache Foundation

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insecure symlink following that lead to files outside the RootedFileSystem. A remote user can identify presence of files on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache Mina SSHD: 1.0.0 - 2.9.2

External links
https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

IBM B2B Sterling Integrator update for Apache MINA SSHD

Multiple vulnerabilities in IBM Cloud Pak for Business Automation

Multiple vulnerabilities in JD Edwards EnterpriseOne Tools

Multiple vulnerabilities in Oracle Data Integrator

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 8.0

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 8.0

openEuler update for apache-sshd

Multiple vulnerabilities in Oracle Retail Customer Management and Segmentation Foundation

Multiple vulnerabilities in IBM Cloud Pak for Business Automation