CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Affected Software

Name	Vendor	Start Version	End Version
Gnome-control-center	Ubuntu	bionic	*
Gnome-control-center	Ubuntu	devel	*
Gnome-control-center	Ubuntu	focal	*
Gnome-control-center	Ubuntu	jammy	*
Gnome-control-center	Ubuntu	lunar	*
Gnome-control-center	Ubuntu	mantic	*
Gnome-control-center	Ubuntu	noble	*
Gnome-control-center	Ubuntu	oracular	*
Gnome-control-center	Ubuntu	trusty	*
Gnome-control-center	Ubuntu	xenial	*

https://cwe.mitre.org/data/definitions/21.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/461.html
https://cwe.mitre.org/data/definitions/473.html
https://cwe.mitre.org/data/definitions/476.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/60.html
https://cwe.mitre.org/data/definitions/667.html
https://cwe.mitre.org/data/definitions/94.html

References

https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577
https://ubuntu.com/security/CVE-2023-5616
https://ubuntu.com/security/notices/USN-6554-1

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-5616
CWE	https://cwe.mitre.org/data/definitions/290.html

Authentication Bypass by Spoofing

Weakness

Affected Software

Related Attack Patterns

References