CVE-2021-28041
Published: 5 March 2021
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Notes
| Author | Note |
|---|---|
| seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssh Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Released
(1:8.2p1-4ubuntu0.2)
|
|
| groovy |
Released
(1:8.3p1-1ubuntu0.1)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db |
||
|
openssh-ssh1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| groovy |
Not vulnerable
(code not present)
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(frozen on openssh 7.5p)
|
|
| xenial |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |