![]() When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. ![]() ![]() NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. ![]() OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |