oval:org.secpod.oval:def:54505
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

oval:org.secpod.oval:def:601995
libssh2-1 is installed

oval:org.secpod.oval:def:605044
libssh2-1 is installed

oval:org.secpod.oval:def:601990
Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the li ...

oval:org.secpod.oval:def:602380
Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ...

oval:org.secpod.oval:def:2004167
A flaw was found in libssh2-1 versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulner ...

oval:org.secpod.oval:def:2003582
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or ...

oval:org.secpod.oval:def:603849
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

oval:org.secpod.oval:def:708444
libssh2: Client-side C library implementing the SSH2 protocol. libssh2 could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:96391
libssh2: Client-side C library implementing the SSH2 protocol. libssh2 could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:708701
libssh2: Client-side C library implementing the SSH2 protocol. libssh2 could be made to expose sensitive information over the network.

*CPE
cpe:/a:libssh:libssh:2.1

© SecPod Technologies