CVE-2023-5616

Description

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Canonical Ltd. / Ubuntu's gnome-control-center1:45 – 1:45.0-1ubuntu3.1
Canonical Ltd. / Ubuntu's gnome-control-center1:44 – 1:44.0-1ubuntu6.1
Canonical Ltd. / Ubuntu's gnome-control-center1:41 – 1:41.7-0ubuntu0.22.04.8
Canonical Ltd. / Ubuntu's gnome-control-center1:3 – 1:3.36.5-0ubuntu4.1

References

MISChttps://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577
VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-6554-1
VENDOR_ADVISORYhttps://ubuntu.com/security/CVE-2023-5616