CVE-2023-51767 — Improper Authentication in Fedora

CWE-287 — Improper Authentication6 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 99.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedDec 24

Description

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectu…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶Alpineopenbsd/openssh< 9.7_p1-r0+4

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

OSV

CVE-2023-51767: OpenSSH through 9↗2023-12-24

▶

OSV

CVE-2023-51767: OpenSSH through 10↗2023-12-24

▶

CVEList

CVE-2023-51767: OpenSSH through 10↗2023-12-24

▶

GHSA

GHSA-27q9-h529-q4g3: OpenSSH through 9↗2023-12-24

▶

📋Vendor Advisories

Red Hat

openssh: authentication bypass via row hammer attack↗2023-12-24

▶