ID CVE-2019-3856 Type cve Reporter cve@mitre.org Modified 2020-10-15T13:43:00
Description
An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
{"id": "CVE-2019-3856", "bulletinFamily": "NVD", "title": "CVE-2019-3856", "description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "published": "2019-03-25T19:29:00", "modified": "2020-10-15T13:43:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3856", "reporter": "cve@mitre.org", "references": ["https://security.netapp.com/advisory/ntap-20190327-0005/", "https://www.debian.org/security/2019/dsa-4431", "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", "https://access.redhat.com/errata/RHSA-2019:1791", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", "https://www.libssh2.org/CVE-2019-3856.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:1175", "https://access.redhat.com/errata/RHSA-2019:1943", "https://access.redhat.com/errata/RHSA-2019:0679", "https://access.redhat.com/errata/RHSA-2019:2399", "https://seclists.org/bugtraq/2019/Apr/25", "https://access.redhat.com/errata/RHSA-2019:1652"], "cvelist": ["CVE-2019-3856"], "type": "cve", "lastseen": "2020-12-09T21:41:52", "edition": 11, "viewCount": 185, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220191393", "OPENVAS:1361412562310875876", "OPENVAS:1361412562310883028", "OPENVAS:1361412562310852385", "OPENVAS:1361412562310704431", 
"OPENVAS:1361412562311220191309", "OPENVAS:1361412562310891730", "OPENVAS:1361412562311220191362", "OPENVAS:1361412562311220191308", "OPENVAS:1361412562310883078"]}, {"type": "centos", "idList": ["CESA-2019:0679", "CESA-2019:1652"]}, {"type": "redhat", "idList": ["RHSA-2019:1175", "RHSA-2019:1791", "RHSA-2019:1652", "RHSA-2019:0679", "RHSA-2019:1943", "RHSA-2019:2399"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3915", "ELSA-2019-2136", "ELSA-2019-1652", "ELSA-2019-0679", "ELSA-2019-1175", "ELSA-2019-1580"]}, {"type": "amazon", "idList": ["ALAS2-2019-1199", "ALAS-2019-1254"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2019-1791.NASL", "EULEROS_SA-2019-1362.NASL", "ORACLELINUX_ELSA-2019-0679.NASL", "REDHAT-RHSA-2019-1943.NASL", "REDHAT-RHSA-2019-2399.NASL", "ORACLELINUX_ELSA-2019-1652.NASL", "AL2_ALAS-2019-1199.NASL", "REDHAT-RHSA-2019-0679.NASL", "NEWSTART_CGSL_NS-SA-2019-0169_LIBSSH2.NASL", "SL_20190328_LIBSSH2_ON_SL7_X.NASL"]}, {"type": "slackware", "idList": ["SSA-2019-077-01"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1730-1:C9C25", "DEBIAN:DSA-4431-1:E9C51"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1075-1", "OPENSUSE-SU-2019:1109-1"]}, {"type": "archlinux", "idList": ["ASA-201903-12"]}, {"type": "thn", "idList": ["THN:B9050A4E7D2CE55A80B70F1870DE2C24"]}, {"type": "fedora", "idList": ["FEDORA:A0C3B66ADC4F", "FEDORA:AE8F7609A16B", "FEDORA:38A4C6077C04", "FEDORA:58CB8605B469"]}, {"type": "freebsd", "idList": ["6E58E1E9-2636-413E-9F84-4C0E21143628"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832", "ORACLE:CPUOCT2019"]}], "modified": "2020-12-09T21:41:52", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2020-12-09T21:41:52", "rev": 2}, "twitter": {"counter": 4, "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1346589939719405568", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and 
CVE-2019-3863) has been published on https://t.co/aDfFoSGMBs?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1346589939719405568", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and CVE-2019-3863) has been published on https://t.co/aDfFoSGMBs?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1346589940965117954", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and CVE-2019-3863) has been published on https://t.co/o6CHsfaOZT?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1346589940965117954", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and CVE-2019-3863) has been published on https://t.co/o6CHsfaOZT?amp=1"}], "modified": "2020-12-09T21:41:52"}, "vulnersScore": 6.5}, "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:42.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:fedoraproject:fedora:28", "cpe:/o:debian:debian_linux:9.0"], "affectedSoftware": [{"cpeName": "libssh2:libssh2", "name": "libssh2", "operator": "lt", "version": "1.8.1"}, {"cpeName": "redhat:enterprise_linux", "name": "redhat enterprise linux", "operator": "eq", "version": "8.0"}, {"cpeName": "redhat:enterprise_linux_server_aus", "name": "redhat enterprise linux server aus", "operator": "eq", "version": "7.6"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux 
desktop", "operator": "eq", "version": "7.0"}, {"cpeName": "oracle:peoplesoft_enterprise_peopletools", "name": "oracle peoplesoft enterprise peopletools", "operator": "eq", "version": "8.57"}, {"cpeName": "netapp:ontap_select_deploy_administration_utility", "name": "netapp ontap select deploy administration utility", "operator": "eq", "version": "-"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "8.0"}, {"cpeName": "oracle:peoplesoft_enterprise_peopletools", "name": "oracle peoplesoft enterprise peopletools", "operator": "eq", "version": "8.56"}, {"cpeName": "fedoraproject:fedora", "name": "fedoraproject fedora", "operator": "eq", "version": "28"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_server_eus", "name": "redhat enterprise linux server eus", "operator": "eq", "version": "7.6"}, {"cpeName": "opensuse:leap", "name": "opensuse leap", "operator": "eq", "version": "15.0"}, {"cpeName": "redhat:enterprise_linux_server_tus", "name": "redhat enterprise linux server tus", "operator": "eq", "version": "7.6"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "9.0"}, {"cpeName": "opensuse:leap", "name": "opensuse leap", "operator": "eq", "version": "42.3"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "7.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", 
"userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"], "cwe": ["CWE-190", "CWE-787"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": 
"cpe:2.3:a:libssh2:libssh2:1.8.1:*:*:*:*:*:*:*", "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"openvas": [{"lastseen": "2019-07-05T18:46:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the ", "modified": "2019-07-04T00:00:00", "published": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310883078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883078", "type": "openvas", "title": "CentOS Update for libssh2 CESA-2019:1652 centos6 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883078\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-04 02:00:43 +0000 (Thu, 04 Jul 2019)\");\n script_name(\"CentOS Update for libssh2 CESA-2019:1652 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1652\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-July/023349.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libssh2'\n package(s) announced via the CESA-2019:1652 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n * libssh2: Integer overflow in transport read resulting in out of bounds\nwrite (CVE-2019-3855)\n\n * libssh2: Integer overflow in keyboard interactive handling resulting in\nout of bounds write (CVE-2019-3856)\n\n * libssh2: Integer overflow 
in SSH packet processing channel resulting in\nout of bounds write (CVE-2019-3857)\n\n * libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.2~3.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~1.4.2~3.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-docs\", rpm:\"libssh2-docs~1.4.2~3.el6_10.1\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191362", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1362)", 
"sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1362\");\n script_version(\"2020-01-23T11:40:27+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:40:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:40:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1362)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1362\");\n 
script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1362\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1362 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the ", "modified": "2019-04-26T00:00:00", "published": "2019-04-03T00:00:00", "id": "OPENVAS:1361412562310883028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883028", "type": "openvas", "title": "CentOS Update for libssh2 CESA-2019:0679 centos7 ", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883028\");\n script_version(\"2019-04-26T08:24:31+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 08:24:31 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-03 06:38:52 +0000 (Wed, 03 Apr 2019)\");\n script_name(\"CentOS Update for libssh2 CESA-2019:0679 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:0679\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023259.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libssh2'\n package(s) announced via the CESA-2019:0679 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n * libssh2: Integer overflow in transport read resulting in out of bounds\nwrite (CVE-2019-3855)\n\n * libssh2: Integer overflow 
in keyboard interactive handling resulting in\nout of bounds write (CVE-2019-3856)\n\n * libssh2: Integer overflow in SSH packet processing channel resulting in\nout of bounds write (CVE-2019-3857)\n\n * libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~12.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~1.4.3~12.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-docs\", rpm:\"libssh2-docs~1.4.3~12.el7_6.2\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2016-0787", "CVE-2019-3856", "CVE-2019-3855"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191393", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562311220191393", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1393)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1393\");\n script_version(\"2020-01-23T11:41:41+0000\");\n script_cve_id(\"CVE-2016-0787\", \"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1393)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1393\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1393\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1393 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.(CVE-2016-0787)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h3\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "The remote host is missing an update for the\n ", "modified": "2019-04-05T00:00:00", "published": "2019-04-05T00:00:00", "id": "OPENVAS:1361412562310875543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875543", "type": "openvas", "title": "Fedora Update for libssh2 FEDORA-2019-3348cb4934", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are 
largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875543\");\n script_version(\"2019-04-05T02:08:01+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3863\", \"CVE-2019-3856\", \"CVE-2019-3861\",\n \"CVE-2019-3857\", \"CVE-2019-3862\", \"CVE-2019-3858\", \"CVE-2019-3860\",\n \"CVE-2019-3859\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-05 02:08:01 +0000 (Fri, 05 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-05 02:08:01 +0000 (Fri, 05 Apr 2019)\");\n script_name(\"Fedora Update for libssh2 FEDORA-2019-3348cb4934\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3348cb4934\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'libssh2' package(s) announced via the FEDORA-2019-3348cb4934 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libssh2 is a library implementing the SSH2\n protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),\n SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,\n SECSH-DHGEX(04), and SECSH-NUMBERS(10).\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.8.1~1.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:51:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-03T00:00:00", "id": "OPENVAS:1361412562310852381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852381", "type": "openvas", "title": 
"openSUSE: Security Advisory for libssh2_org (openSUSE-SU-2019:1075-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852381\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3858\",\n \"CVE-2019-3859\", \"CVE-2019-3860\", \"CVE-2019-3861\", \"CVE-2019-3862\",\n \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-03 06:42:12 +0000 (Wed, 03 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for libssh2_org (openSUSE-SU-2019:1075-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", 
\"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1075-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libssh2_org'\n package(s) announced via the openSUSE-SU-2019:1075-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libssh2_org fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH\n packets (bsc#1128490).\n\n - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially\n crafted message channel request packet (bsc#1128492).\n\n - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP\n packets (bsc#1128481).\n\n - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard\n interactive which could allow out-of-bounds writes with specially\n crafted keyboard responses (bsc#1128493).\n\n - CVE-2019-3856: Fixed a potential Integer overflow in keyboard\n interactive handling which could allow out-of-bounds write with\n specially crafted payload (bsc#1128472).\n\n - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads\n due to unchecked use of _libssh2_packet_require and\n _libssh2_packet_requirev (bsc#1128480).\n\n - CVE-2019-3855: Fixed a potential Integer overflow in transport read\n which could allow out-of-bounds write with specially crafted payload\n (bsc#1128471).\n\n - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead\n to an out-of-bounds read with a specially crafted SFTP packet\n (bsc#1128476).\n\n - CVE-2019-3857: Fixed a potential Integer overflow which could lead to\n zero-byte allocation and out-of-bounds with specially crafted message\n 
channel request SSH packet (bsc#1128474).\n\n Other issue addressed:\n\n - libssh2 will stop using keys of unsupported types in the known_hosts file\n (bsc#1091236).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1075=1\");\n\n script_tag(name:\"affected\", value:\"'libssh2_org' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-1\", rpm:\"libssh2-1~1.4.3~19.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-1-debuginfo\", rpm:\"libssh2-1-debuginfo~1.4.3~19.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~1.4.3~19.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2_org-debugsource\", rpm:\"libssh2_org-debugsource~1.4.3~19.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-1-32bit\", rpm:\"libssh2-1-32bit~1.4.3~19.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2-1-debuginfo-32bit\", rpm:\"libssh2-1-debuginfo-32bit~1.4.3~19.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191308", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1308)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1308\");\n script_version(\"2020-01-23T11:38:39+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3858\", \"CVE-2019-3859\", \"CVE-2019-3860\", \"CVE-2019-3861\", \"CVE-2019-3862\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:38:39 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:38:39 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1308)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1308\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1308\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1308 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858)\n\nAn out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\n\nA flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.(CVE-2019-3863)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191309", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1309)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# 
advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1309\");\n script_version(\"2020-01-23T11:38:48+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3858\", \"CVE-2019-3859\", \"CVE-2019-3860\", \"CVE-2019-3861\", \"CVE-2019-3862\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:38:48 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:38:48 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1309)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1309\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1309\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1309 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858)\n\nAn out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\n\nA flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.(CVE-2019-3863)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", 
"CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191310", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1310)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1310\");\n script_version(\"2020-01-23T11:38:57+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3858\", \"CVE-2019-3859\", \"CVE-2019-3860\", \"CVE-2019-3861\", \"CVE-2019-3862\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:38:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:38:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1310)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1310\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1310\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libssh2' package(s) announced via the EulerOS-SA-2019-1310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858)\n\nAn out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861)\n\nAn out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855)\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857)\n\nA flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.(CVE-2019-3863)\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~1.4.3~10.1.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "The remote host is missing an update for the ", "modified": "2019-04-16T00:00:00", "published": "2019-04-14T00:00:00", "id": "OPENVAS:1361412562310704431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704431", "type": "openvas", "title": "Debian Security Advisory DSA 4431-1 (libssh2 - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are 
Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704431\");\n script_version(\"2019-04-16T09:08:23+0000\");\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3858\", \"CVE-2019-3859\", \"CVE-2019-3860\", \"CVE-2019-3861\", \"CVE-2019-3862\", \"CVE-2019-3863\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-16 09:08:23 +0000 (Tue, 16 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-14 02:00:12 +0000 (Sun, 14 Apr 2019)\");\n script_name(\"Debian Security Advisory DSA 4431-1 (libssh2 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4431.html\");\n script_xref(name:\"URL\", 
value:\"https://security-tracker.debian.org/tracker/DSA-4431-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libssh2'\n package(s) announced via the DSA-4431-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chris Coulson discovered several vulnerabilities in libssh2, a SSH2\nclient-side library, which could result in denial of service,\ninformation leaks or the execution of arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'libssh2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.7.0-1+deb9u1.\n\nWe recommend that you upgrade your libssh2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssh2-1\", ver:\"1.7.0-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssh2-1-dbg\", ver:\"1.7.0-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssh2-1-dev\", ver:\"1.7.0-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard 
interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-30T12:51:33", "published": "2019-07-30T12:22:47", "id": "RHSA-2019:1943", "href": "https://access.redhat.com/errata/RHSA-2019:1943", "type": "redhat", "title": "(RHSA-2019:1943) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-02T14:59:59", "published": "2019-07-02T14:35:51", "id": "RHSA-2019:1652", "href": "https://access.redhat.com/errata/RHSA-2019:1652", "type": "redhat", "title": "(RHSA-2019:1652) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-16T16:12:49", "published": "2019-07-16T15:50:39", "id": "RHSA-2019:1791", "href": "https://access.redhat.com/errata/RHSA-2019:1791", "type": "redhat", "title": "(RHSA-2019:1791) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related 
information, refer to the CVE page(s) listed in the References section.", "modified": "2019-08-07T15:23:41", "published": "2019-08-07T15:03:42", "id": "RHSA-2019:2399", "href": "https://access.redhat.com/errata/RHSA-2019:2399", "type": "redhat", "title": "(RHSA-2019:2399) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "The libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-03-28T18:44:05", "published": "2019-03-28T16:52:01", "id": "RHSA-2019:0679", "href": "https://access.redhat.com/errata/RHSA-2019:0679", "type": "redhat", "title": "(RHSA-2019:0679) Important: libssh2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T10:20:28", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-20815", "CVE-2019-11091", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863"], "description": "Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. 
The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.\n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. 
(CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\n* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-05-14T22:02:20", "published": "2019-05-14T21:21:54", "id": "RHSA-2019:1175", "href": "https://access.redhat.com/errata/RHSA-2019:1175", "type": "redhat", "title": "(RHSA-2019:1175) Important: virt:rhel security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:39:39", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**CentOS Errata and Security Advisory** CESA-2019:1652\n\n\nThe libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows 
out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-July/035387.html\n\n**Affected packages:**\nlibssh2\nlibssh2-devel\nlibssh2-docs\n\n**Upstream details at:**\n", "edition": 3, "modified": "2019-07-03T17:00:57", "published": "2019-07-03T17:00:57", "id": "CESA-2019:1652", "href": "http://lists.centos.org/pipermail/centos-announce/2019-July/035387.html", "title": "libssh2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:38:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0679\n\n\nThe libssh2 packages provide a library that implements the SSH2 protocol.\n\nSecurity Fix(es):\n\n* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/035297.html\n\n**Affected packages:**\nlibssh2\nlibssh2-devel\nlibssh2-docs\n\n**Upstream details at:**\n", "edition": 4, "modified": "2019-04-01T19:09:06", "published": 
"2019-04-01T19:09:06", "id": "CESA-2019:0679", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/035297.html", "title": "libssh2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "[1.4.3-12.el7_6.2]\n- sanitize public header file (detected by rpmdiff)\n[1.4.3-12.el7_6.1]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)", "edition": 3, "modified": "2019-03-28T00:00:00", "published": "2019-03-28T00:00:00", "id": "ELSA-2019-0679", "href": "http://linux.oracle.com/errata/ELSA-2019-0679.html", "title": "libssh2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-03T02:42:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2016-0787", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855"], "description": "[1.4.2-3.0.1.el6_10.1]\n- [Orabug: 29909723] Added patch CVE-2019-3862. 
(qing.lin@oracle.com)\n Added Additional length checks to prevent out-of-bounds (CVE-2019-3862)\n[1.4.2-3.el6_10.1]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n- use secrets of the appropriate length in Diffie-Hellman (CVE-2016-0787)", "edition": 1, "modified": "2019-07-02T00:00:00", "published": "2019-07-02T00:00:00", "id": "ELSA-2019-1652", "href": "http://linux.oracle.com/errata/ELSA-2019-1652.html", "title": "libssh2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-14T08:38:20", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855"], "description": "[1.8.0-3]\n- sanitize public header file (detected by rpmdiff)\n[1.8.0-2]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)\n- fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)\n- fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n[1.8.0-1]\n- rebase to 1.8.0 (#1592784)", "edition": 1, "modified": "2019-08-13T00:00:00", "published": 
"2019-08-13T00:00:00", "id": "ELSA-2019-2136", "href": "http://linux.oracle.com/errata/ELSA-2019-2136.html", "title": "libssh2 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T06:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-17498", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855"], "description": "[1.8.0-4]\n- fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)\n[1.8.0-3]\n- sanitize public header file (detected by rpmdiff)\n[1.8.0-2]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)\n- fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)\n- fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\n[1.8.0-1]\n- rebase to 1.8.0 (#1592784)", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-3915", "href": "http://linux.oracle.com/errata/ELSA-2020-3915.html", "title": "libssh2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:17:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2018-12126", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-10168", "CVE-2019-10166", "CVE-2019-3855", "CVE-2019-10167", "CVE-2019-10161"], "description": "libguestfs\n[1:1.38.4-10.1.0.1]\n- Config supermin to use host yum.conf in ol8 
[Orabug: 29319324]\n- Set DISTRO_ORACLE_LINUX correspeonding to ol\n[1:1.38.4-10.1]\n- Fix inspection of partition-less devices\n resolves: rhbz#1714747\nlibssh2\n[1.8.0-7.el8_0.1]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\nlibvirt\n[4.5.0-23.3.0.1.el8]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-23.3.el8]\n- api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161)\n- api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166)\n- api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167)\n- api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168)\nqemu-kvm\n[2.12.0-64.el8.0.0.2]\n- Bump release version to fix the versioning problem (zstream release lower than ystream).\n- Resolves: bz#1704545\n (CVE-2018-12126 virt:rhel/qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-8.0.0.z])", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1580", "href": "http://linux.oracle.com/errata/ELSA-2019-1580.html", "title": "virt:rhel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2018-12126", "CVE-2018-11091", "CVE-2019-3857", "CVE-2018-12127", "CVE-2018-20815", "CVE-2019-3856", "CVE-2019-3855", "CVE-2019-11091", "CVE-2018-12130"], "description": "libguestfs\n[1:1.38.4-10.0.1]\n- Config supermin to use host yum.conf in ol8 [Orabug: 29319324]\n- Set DISTRO_ORACLE_LINUX 
correspeonding to ol\n[1:1.38.4-10.1]\n- Fix inspection of partition-less devices\n resolves: rhbz#1714747\nlibssh2\n[1.8.0-7.el8_0.1]\n- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)\n- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)\n- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)\n- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)\nlibvirt\n[4.5.0-23.1.0.1.el8]\n- added librbd1 as dependency (Keshav Sharma)\n[4.5.0-23.1.el8]\n- cpu_x86: Do not cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- qemu: Don't cache microcode version (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\n- cpu_map: Define md-clear CPUID bit (CVE-2018-12130, CVE-2018-12126, CVE-2018-11091, CVE-2018-12127)\nqemu-kvm\n[2.12.0-64.el8.0.0.2]\n- Bump release version to fix the versioning problem (zstream release lower than ystream).\n- Resolves: bz#1704545\n (CVE-2018-12126 virt:rhel/qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-8.0.0.z])", "edition": 2, "modified": "2019-07-30T00:00:00", "published": "2019-07-30T00:00:00", "id": "ELSA-2019-1175", "href": "http://linux.oracle.com/errata/ELSA-2019-1175.html", "title": "virt:rhel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**Issue Overview:**\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3855 __](<https://access.redhat.com/security/cve/CVE-2019-3855>))\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3857 __](<https://access.redhat.com/security/cve/CVE-2019-3857>))\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3856 __](<https://access.redhat.com/security/cve/CVE-2019-3856>))\n\nA flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.([CVE-2019-3863 __](<https://access.redhat.com/security/cve/CVE-2019-3863>))\n\n \n**Affected Packages:** \n\n\nlibssh2\n\n \n**Issue Correction:** \nRun _yum update libssh2_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n libssh2-1.4.2-3.12.amzn1.i686 \n libssh2-debuginfo-1.4.2-3.12.amzn1.i686 \n libssh2-devel-1.4.2-3.12.amzn1.i686 \n libssh2-docs-1.4.2-3.12.amzn1.i686 \n \n src: \n libssh2-1.4.2-3.12.amzn1.src \n \n x86_64: \n libssh2-devel-1.4.2-3.12.amzn1.x86_64 \n libssh2-docs-1.4.2-3.12.amzn1.x86_64 \n libssh2-1.4.2-3.12.amzn1.x86_64 \n libssh2-debuginfo-1.4.2-3.12.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-08-12T18:05:00", "published": "2019-08-12T18:05:00", "id": "ALAS-2019-1254", "href": "https://alas.aws.amazon.com/ALAS-2019-1254.html", "title": "Important: libssh2", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:36:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "description": "**Issue Overview:**\n\nAn integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3856 __](<https://access.redhat.com/security/cve/CVE-2019-3856>))\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3855 __](<https://access.redhat.com/security/cve/CVE-2019-3855>))\n\nA vulnerability was found in in libssh2 where a server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.([CVE-2019-3863 __](<https://access.redhat.com/security/cve/CVE-2019-3863>))\n\nAn integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.([CVE-2019-3857 __](<https://access.redhat.com/security/cve/CVE-2019-3857>))\n\n \n**Affected Packages:** \n\n\nlibssh2\n\n \n**Issue Correction:** \nRun _yum update libssh2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n libssh2-1.4.3-12.amzn2.2.aarch64 \n libssh2-devel-1.4.3-12.amzn2.2.aarch64 \n libssh2-debuginfo-1.4.3-12.amzn2.2.aarch64 \n \n i686: \n libssh2-1.4.3-12.amzn2.2.i686 \n libssh2-devel-1.4.3-12.amzn2.2.i686 \n libssh2-debuginfo-1.4.3-12.amzn2.2.i686 \n \n noarch: \n libssh2-docs-1.4.3-12.amzn2.2.noarch \n \n src: \n libssh2-1.4.3-12.amzn2.2.src \n \n x86_64: \n libssh2-1.4.3-12.amzn2.2.x86_64 \n libssh2-devel-1.4.3-12.amzn2.2.x86_64 \n libssh2-debuginfo-1.4.3-12.amzn2.2.x86_64 \n \n \n", "edition": 1, "modified": "2019-04-25T16:44:00", "published": "2019-04-25T16:44:00", "id": "ALAS2-2019-1199", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1199.html", "title": "Important: libssh2", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:19:14", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco\nExtended Update Support, and Red Hat Enterprise Linux 7.3 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "RHEL 7 : libssh2 (RHSA-2019:2399)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libssh2-docs", "p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:libssh2-devel"], "id": "REDHAT-RHSA-2019-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/127716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2399. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127716);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:2399\");\n\n script_name(english:\"RHEL 7 : libssh2 (RHSA-2019:2399)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco\nExtended Update Support, and Red Hat Enterprise Linux 7.3 Update\nServices for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3863\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2399\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"i686\", reference:\"libssh2-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"libssh2-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"i686\", reference:\"libssh2-debuginfo-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"libssh2-debuginfo-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"i686\", reference:\"libssh2-devel-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"libssh2-devel-1.4.3-11.el7_3.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"libssh2-docs-1.4.3-11.el7_3.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / 
libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:29:51", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-02T00:00:00", "title": "CentOS 7 : libssh2 (CESA-2019:0679)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libssh2", "p-cpe:/a:centos:centos:libssh2-docs", "p-cpe:/a:centos:centos:libssh2-devel"], "id": "CENTOS_RHSA-2019-0679.NASL", "href": "https://www.tenable.com/plugins/nessus/123560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat 
Security Advisory RHSA-2019:0679 and \n# CentOS Errata and Security Advisory 2019:0679 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123560);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:0679\");\n\n script_name(english:\"CentOS 7 : libssh2 (CESA-2019:0679)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-April/023259.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c85ae041\"\n 
);\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssh2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libssh2-1.4.3-12.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libssh2-devel-1.4.3-12.el7_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libssh2-docs-1.4.3-12.el7_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:04:36", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by 
multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n packets are read from the server. A remote attacker who\n compromises a SSH server may be able to execute code on\n the client system when a user connects to the server.\n (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 in the way\n keyboard prompt requests are parsed. A remote attacker\n who compromises a SSH server may be able to execute code\n on the client system when a user connects to the server.\n (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit signal are\n parsed. A remote attacker who compromises a SSH server\n may be able to execute code on the client system when a\n user connects to the server. (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send multiple keyboard interactive response messages\n whose total length is greater than unsigned char max\n characters. 
This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0169_LIBSSH2.NASL", "href": "https://www.tenable.com/plugins/nessus/127458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0169. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127458);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-3855\",\n \"CVE-2019-3856\",\n \"CVE-2019-3857\",\n \"CVE-2019-3863\"\n );\n script_bugtraq_id(107485);\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n packets are read from the server. 
A remote attacker who\n compromises a SSH server may be able to execute code on\n the client system when a user connects to the server.\n (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 in the way\n keyboard prompt requests are parsed. A remote attacker\n who compromises a SSH server may be able to execute code\n on the client system when a user connects to the server.\n (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit signal are\n parsed. A remote attacker who compromises a SSH server\n may be able to execute code on the client system when a\n user connects to the server. (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0169\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libssh2 packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"libssh2-1.4.2-3.el6_10.1\",\n \"libssh2-debuginfo-1.4.2-3.el6_10.1\",\n \"libssh2-devel-1.4.2-3.el6_10.1\",\n \"libssh2-docs-1.4.2-3.el6_10.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:18:42", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux\n7.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-17T00:00:00", "title": "RHEL 7 : libssh2 (RHSA-2019:1791)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:libssh2-docs", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libssh2-devel"], "id": "REDHAT-RHSA-2019-1791.NASL", "href": "https://www.tenable.com/plugins/nessus/126759", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1791. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126759);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:1791\");\n\n script_name(english:\"RHEL 7 : libssh2 (RHSA-2019:1791)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux\n7.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2019-3855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3863\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1791\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-1.4.3-11.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-debuginfo-1.4.3-11.el7_5.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-devel-1.4.3-11.el7_5.1\")) 
flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"libssh2-docs-1.4.3-11.el7_5.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:20:20", "description": "An integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)\n\nAn integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. 
This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "Amazon Linux AMI : libssh2 (ALAS-2019-1254)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libssh2", "p-cpe:/a:amazon:linux:libssh2-docs", "p-cpe:/a:amazon:linux:libssh2-devel", "p-cpe:/a:amazon:linux:libssh2-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1254.NASL", "href": "https://www.tenable.com/plugins/nessus/127810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1254.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127810);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"ALAS\", value:\"2019-1254\");\n\n script_name(english:\"Amazon Linux AMI : libssh2 (ALAS-2019-1254)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an 
exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)\n\nAn integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nA flaw was found in libssh2 before 1.8.1. A server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1254.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libssh2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-1.4.2-3.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-debuginfo-1.4.2-3.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-devel-1.4.2-3.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libssh2-docs-1.4.2-3.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:46:16", "description": "From Red Hat Security Advisory 2019:1652 :\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-03T00:00:00", "title": "Oracle Linux 6 : libssh2 (ELSA-2019-1652)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libssh2", "p-cpe:/a:oracle:linux:libssh2-docs", "p-cpe:/a:oracle:linux:libssh2-devel"], "id": "ORACLELINUX_ELSA-2019-1652.NASL", "href": "https://www.tenable.com/plugins/nessus/126451", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1652 and \n# Oracle Linux Security Advisory ELSA-2019-1652 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126451);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"RHSA\", value:\"2019:1652\");\n\n script_name(english:\"Oracle Linux 6 : libssh2 (ELSA-2019-1652)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1652 :\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-July/008872.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssh2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libssh2-1.4.2-3.0.1.el6_10.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libssh2-devel-1.4.2-3.0.1.el6_10.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libssh2-docs-1.4.2-3.0.1.el6_10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:16:57", "description": "An integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nA vulnerability was found in in libssh2 where a server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. 
This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-26T00:00:00", "title": "Amazon Linux 2 : libssh2 (ALAS-2019-1199)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libssh2", "p-cpe:/a:amazon:linux:libssh2-docs", "p-cpe:/a:amazon:linux:libssh2-devel", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:libssh2-debuginfo"], "id": "AL2_ALAS-2019-1199.NASL", "href": "https://www.tenable.com/plugins/nessus/124305", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1199.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124305);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/22\");\n\n script_cve_id(\"CVE-2019-3855\", \"CVE-2019-3856\", \"CVE-2019-3857\", \"CVE-2019-3863\");\n script_xref(name:\"ALAS\", value:\"2019-1199\");\n\n script_name(english:\"Amazon Linux 2 : libssh2 (ALAS-2019-1199)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw, which could lead to an out of bounds write,\nwas discovered in libssh2 in the way keyboard prompt 
requests are\nparsed. A remote attacker who compromises a SSH server may be able to\nexecute code on the client system when a user connects to the\nserver.(CVE-2019-3856)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way packets are read from the server.\nA remote attacker who compromises a SSH server may be able to execute\ncode on the client system when a user connects to the\nserver.(CVE-2019-3855)\n\nA vulnerability was found in in libssh2 where a server could send a\nmultiple keyboard interactive response messages whose total length are\ngreater than unsigned char max characters. This value is used as an\nindex to copy memory causing in an out of bounds memory write\nerror.(CVE-2019-3863)\n\nAn integer overflow flaw which could lead to an out of bounds write\nwas discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets\nwith an exit signal are parsed. A remote attacker who compromises a\nSSH server may be able to execute code on the client system when a\nuser connects to the server.(CVE-2019-3857)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1199.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libssh2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-1.4.3-12.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-debuginfo-1.4.3-12.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libssh2-devel-1.4.3-12.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", 
reference:\"libssh2-docs-1.4.3-12.amzn2.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:04:50", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way packets are read from the server. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 before 1.8.1 in\n the way keyboard prompt requests are parsed. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way SSH_MSG_CHANNEL_REQUEST packets with an exit\n signal are parsed. A remote attacker who compromises a\n SSH server may be able to execute code on the client\n system when a user connects to the server.\n (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. 
This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-09-11T00:00:00", "title": "NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2019-09-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0179_LIBSSH2.NASL", "href": "https://www.tenable.com/plugins/nessus/128705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0179. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128705);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-3855\",\n \"CVE-2019-3856\",\n \"CVE-2019-3857\",\n \"CVE-2019-3863\"\n );\n script_bugtraq_id(107485);\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple\nvulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way packets are read from the server. 
A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 before 1.8.1 in\n the way keyboard prompt requests are parsed. A remote\n attacker who compromises a SSH server may be able to\n execute code on the client system when a user connects\n to the server. (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 before 1.8.1 in\n the way SSH_MSG_CHANNEL_REQUEST packets with an exit\n signal are parsed. A remote attacker who compromises a\n SSH server may be able to execute code on the client\n system when a user connects to the server.\n (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0179\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libssh2 packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.06\": [\n \"libssh2-1.4.2-3.el6_10.1\",\n \"libssh2-debuginfo-1.4.2-3.el6_10.1\",\n \"libssh2-devel-1.4.2-3.el6_10.1\",\n \"libssh2-docs-1.4.2-3.el6_10.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:14:47", "description": "An update for libssh2 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. 
Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-05T00:00:00", "title": "Virtuozzo 6 : libssh2 / libssh2-devel / libssh2-docs (VZLSA-2019-1652)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2019-07-05T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:libssh2-devel", "p-cpe:/a:virtuozzo:virtuozzo:libssh2", "p-cpe:/a:virtuozzo:virtuozzo:libssh2-docs", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2019-1652.NASL", "href": "https://www.tenable.com/plugins/nessus/126505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126505);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2019-3855\",\n \"CVE-2019-3856\",\n \"CVE-2019-3857\",\n \"CVE-2019-3863\"\n );\n\n script_name(english:\"Virtuozzo 6 : libssh2 / libssh2-devel / libssh2-docs (VZLSA-2019-1652)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for libssh2 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libssh2 packages provide a library that implements the SSH2\nprotocol.\n\nSecurity Fix(es) :\n\n* libssh2: Integer overflow in transport read resulting in out of\nbounds write (CVE-2019-3855)\n\n* libssh2: Integer overflow in keyboard interactive handling resulting\nin out of bounds write (CVE-2019-3856)\n\n* libssh2: Integer overflow in SSH packet processing channel resulting\nin out of bounds write (CVE-2019-3857)\n\n* libssh2: Integer overflow in user authenticate keyboard interactive\nallows out-of-bounds writes (CVE-2019-3863)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. 
Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2019-1652.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d769f802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1652\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libssh2 / libssh2-devel / libssh2-docs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libssh2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libssh2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"libssh2-1.4.2-3.vl6.1\",\n \"libssh2-devel-1.4.2-3.vl6.1\",\n \"libssh2-docs-1.4.2-3.vl6.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2 / libssh2-devel / libssh2-docs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:02:38", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected\nby multiple vulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in 
the way\n packets are read from the server. A remote attacker who\n compromises a SSH server may be able to execute code on\n the client system when a user connects to the server.\n (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 in the way\n keyboard prompt requests are parsed. A remote attacker\n who compromises a SSH server may be able to execute code\n on the client system when a user connects to the server.\n (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit signal are\n parsed. A remote attacker who compromises a SSH server\n may be able to execute code on the client system when a\n user connects to the server. (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send multiple keyboard interactive response messages\n whose total length is greater than unsigned char max\n characters. This value is used as an index to copy\n memory, resulting in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0073)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-3863", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3855"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0073_LIBSSH2.NASL", "href": "https://www.tenable.com/plugins/nessus/127279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0073. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127279);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2019-3855\",\n \"CVE-2019-3856\",\n \"CVE-2019-3857\",\n \"CVE-2019-3863\"\n );\n script_bugtraq_id(107485);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0073)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected\nby multiple vulnerabilities:\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n packets are read from the server. A remote attacker who\n compromises a SSH server may be able to execute code on\n the client system when a user connects to the server.\n (CVE-2019-3855)\n\n - An integer overflow flaw, which could lead to an out of\n bounds write, was discovered in libssh2 in the way\n keyboard prompt requests are parsed. A remote attacker\n who compromises a SSH server may be able to execute code\n on the client system when a user connects to the server.\n (CVE-2019-3856)\n\n - An integer overflow flaw which could lead to an out of\n bounds write was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit signal are\n parsed. A remote attacker who compromises a SSH server\n may be able to execute code on the client system when a\n user connects to the server. (CVE-2019-3857)\n\n - A flaw was found in libssh2 before 1.8.1. A server could\n send a multiple keyboard interactive response messages\n whose total length are greater than unsigned char max\n characters. 
This value is used as an index to copy\n memory causing in an out of bounds memory write error.\n (CVE-2019-3863)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0073\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libssh2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3855\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"libssh2-1.4.3-12.el7_6.2\",\n \"libssh2-debuginfo-1.4.3-12.el7_6.2\",\n \"libssh2-devel-1.4.3-12.el7_6.2\",\n \"libssh2-docs-1.4.3-12.el7_6.2\"\n ],\n \"CGSL MAIN 5.04\": [\n \"libssh2-1.4.3-12.el7_6.2\",\n \"libssh2-debuginfo-1.4.3-12.el7_6.2\",\n \"libssh2-devel-1.4.3-12.el7_6.2\",\n \"libssh2-docs-1.4.3-12.el7_6.2\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssh2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-07-07T20:42:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", 
"CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "\nlibssh2 developers report:\n\n\nDefend against possible integer overflows in comp_method_zlib_decomp.\nDefend against writing beyond the end of the payload in _libssh2_transport_read().\nSanitize padding_length - _libssh2_transport_read().\nThis prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.\nPrevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.\nCheck the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.\nAdd a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short.\nAdditional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().\n\n\n", "edition": 4, "modified": "2019-07-07T00:00:00", "published": "2019-03-14T00:00:00", "id": "6E58E1E9-2636-413E-9F84-4C0E21143628", "href": "https://vuxml.freebsd.org/freebsd/6e58e1e9-2636-413e-9f84-4c0e21143628.html", "title": "libssh2 -- multiple issues", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:52:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4431-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libssh2\nCVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858\n CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 
CVE-2019-3862\n CVE-2019-3863\nDebian Bug : 924965\n\nChris Coulson discovered several vulnerabilities in libssh2, a SSH2\nclient-side library, which could result in denial of service,\ninformation leaks or the execution of arbitrary code.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.7.0-1+deb9u1.\n\nWe recommend that you upgrade your libssh2 packages.\n\nFor the detailed security status of libssh2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/libssh2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2019-04-13T13:11:30", "published": "2019-04-13T13:11:30", "id": "DEBIAN:DSA-4431-1:E9C51", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00075.html", "title": "[SECURITY] [DSA 4431-1] libssh2 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:05:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "Package : libssh2\nVersion : 1.4.3-4.1+deb8u2\nCVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 \n CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 \n CVE-2019-3863\nDebian Bug : 924965\n\n\nSeveral vulnerabilities have recently been discovered in libssh2, a\nclient-side C library implementing the SSH2 protocol \n\nCVE-2019-3855\n\n An integer overflow flaw which could have lead to an out of bounds\n write was discovered in libssh2 in the way packets were read from the\n server. 
A remote attacker who compromised an SSH server could have\n been able to execute code on the client system when a user connected\n to the server.\n\nCVE-2019-3856\n\n An integer overflow flaw, which could have led to an out of bounds\n write, was discovered in libssh2 in the way keyboard prompt requests\n were parsed. A remote attacker who compromised an SSH server could have\n been able to execute code on the client system when a user connected\n to the server.\n\nCVE-2019-3857\n\n An integer overflow flaw which could have led to an out of bounds\n write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST\n packets with an exit signal were parsed. A remote attacker who\n compromised an SSH server could have been able to execute code on the\n client system when a user connected to the server.\n\nCVE-2019-3858\n\n An out of bounds read flaw was discovered in libssh2 when a specially\n crafted SFTP packet was received from the server. A remote attacker\n who compromised an SSH server could have been able to cause a Denial\n of Service or read data in the client memory.\n\nCVE-2019-3859\n\n An out of bounds read flaw was discovered in libssh2's\n _libssh2_packet_require and _libssh2_packet_requirev functions. A\n remote attacker who compromised an SSH server could have been able to\n cause a Denial of Service or read data in the client memory.\n\nCVE-2019-3860\n\n An out of bounds read flaw was discovered in libssh2 in the way SFTP\n packets with empty payloads were parsed. A remote attacker who\n compromised an SSH server could have been able to cause a Denial of\n Service or read data in the client memory.\n\nCVE-2019-3861\n\n An out of bounds read flaw was discovered in libssh2 in the way SSH\n packets with a padding length value greater than the packet length\n were parsed. 
A remote attacker who compromised a SSH server could\n have been able to cause a Denial of Service or read data in the\n client memory.\n\nCVE-2019-3862\n\n An out of bounds read flaw was discovered in libssh2 in the way\n SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no\n payload were parsed. A remote attacker who compromised an SSH server\n could have been able to cause a Denial of Service or read data in the\n client memory.\n\nCVE-2019-3863\n\n A server could have sent multiple keyboard interactive response\n messages whose total length were greater than unsigned char max\n characters. This value was used as an index to copy memory causing\n an out of bounds memory write error.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.4.3-4.1+deb8u2.\n\nWe recommend that you upgrade your libssh2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "edition": 7, "modified": "2019-03-26T14:15:42", "published": "2019-03-26T14:15:42", "id": "DEBIAN:DLA-1730-1:C9C25", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201903/msg00032.html", "title": "[SECURITY] [DLA 1730-1] libssh2 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2019-04-02T21:07:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], "description": "This update for libssh2_org fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3861: Fixed Out-of-bounds reads with 
specially crafted SSH\n packets (bsc#1128490).\n - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially\n crafted message channel request packet (bsc#1128492).\n - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP\n packets (bsc#1128481).\n - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard\n interactive which could allow out-of-bounds writes with specially\n crafted keyboard responses (bsc#1128493).\n - CVE-2019-3856: Fixed a potential Integer overflow in keyboard\n interactive handling which could allow out-of-bounds write with\n specially crafted payload (bsc#1128472).\n - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads\n due to unchecked use of _libssh2_packet_require and\n _libssh2_packet_requirev (bsc#1128480).\n - CVE-2019-3855: Fixed a potential Integer overflow in transport read\n which could allow out-of-bounds write with specially crafted payload\n (bsc#1128471).\n - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead\n to an out-of-bounds read with a specially crafted SFTP packet\n (bsc#1128476).\n - CVE-2019-3857: Fixed a potential Integer overflow which could lead to\n zero-byte allocation and out-of-bounds with specially crafted message\n channel request SSH packet (bsc#1128474).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-04-02T18:14:04", "published": "2019-04-02T18:14:04", "id": "OPENSUSE-SU-2019:1109-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "title": "Security update for libssh2_org (moderate)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-29T00:51:37", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3863", "CVE-2019-3861", "CVE-2019-3858", "CVE-2019-3857", "CVE-2019-3856", "CVE-2019-3862", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-3860"], 
"description": "This update for libssh2_org fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH\n packets (bsc#1128490).\n - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially\n crafted message channel request packet (bsc#1128492).\n - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP\n packets (bsc#1128481).\n - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard\n interactive which could allow out-of-bounds writes with specially\n crafted keyboard responses (bsc#1128493).\n - CVE-2019-3856: Fixed a potential Integer overflow in keyboard\n interactive handling which could allow out-of-bounds write with\n specially crafted payload (bsc#1128472).\n - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads\n due to unchecked use of _libssh2_packet_require and\n _libssh2_packet_requirev (bsc#1128480).\n - CVE-2019-3855: Fixed a potential Integer overflow in transport read\n which could allow out-of-bounds write with specially crafted payload\n (bsc#1128471).\n - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead\n to an out-of-bounds read with a specially crafted SFTP packet\n (bsc#1128476).\n - CVE-2019-3857: Fixed a potential Integer overflow which could lead to\n zero-byte allocation and out-of-bounds with specially crafted message\n channel request SSH packet (bsc#1128474).\n\n Other issue addressed:\n\n - libssh2 will stop using keys of unsupported types in the known_hosts file\n (bsc#1091236).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2019-03-28T21:09:52", "published": "2019-03-28T21:09:52", "id": "OPENSUSE-SU-2019:1075-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "title": "Security update for libssh2_org (moderate)", "type": "suse", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "New libssh2 packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/libssh2-1.8.1-i586-1_slack14.2.txz: Upgraded.\n Fixed several security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libssh2-1.8.1-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh2-1.8.1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh2-1.8.1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\n42862bdd55431f6c32f38250275b70fc libssh2-1.8.1-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n3932a95faa37ee1575300fff666b1f4b libssh2-1.8.1-x86_64-1_slack14.2.txz\n\nSlackware -current package:\na8a256fffd0ee22986b4a8ebeb1f6b68 l/libssh2-1.8.1-i586-1.txz\n\nSlackware x86_64 -current package:\n14e5f9dd239afd45c3faa27fc02f7c25 l/libssh2-1.8.1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libssh2-1.8.1-i586-1_slack14.2.txz", "modified": "2019-03-18T23:39:28", "published": "2019-03-18T23:39:28", "id": "SSA-2019-077-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.378113", "type": "slackware", "title": "[slackware-security] libssh2", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "Arch Linux Security Advisory ASA-201903-12\n==========================================\n\nSeverity: Critical\nDate : 2019-03-22\nCVE-ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 
CVE-2019-3858\nCVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862\nCVE-2019-3863\nPackage : libssh2\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-926\n\nSummary\n=======\n\nThe package libssh2 before version 1.8.1-1 is vulnerable to multiple\nissues including arbitrary code execution and information disclosure.\n\nResolution\n==========\n\nUpgrade to 1.8.1-1.\n\n# pacman -Syu \"libssh2>=1.8.1-1\"\n\nThe problems have been fixed upstream in version 1.8.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-3855 (arbitrary code execution)\n\nA out-of-bounds write has been found in libssh2 before 1.8.1, where a\nmalicious server could send a specially crafted packet which could\nresult in an unchecked integer overflow. The value would then be used\nto allocate memory causing a possible memory write out of bounds error.\n\n- CVE-2019-3856 (arbitrary code execution)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a value approaching unsigned int max number of keyboard prompt\nrequests which could result in an unchecked integer overflow. The value\nwould then be used to allocate memory causing a possible memory write\nout of bounds error.\n\n- CVE-2019-3857 (arbitrary code execution)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with\na length of max unsigned integer value. The length would then have a\nvalue of 1 added to it and used to allocate memory causing a possible\nmemory write out of bounds error or zero byte allocation.\n\n- CVE-2019-3858 (information disclosure)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a specially crafted partial SFTP packet with a zero value for the\npayload length. 
This zero value would be used to then allocate memory\nresulting in a zero byte allocation and possible out of bounds read.\n\n- CVE-2019-3859 (information disclosure)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a specially crafted partial packet in response to various commands\nsuch as: sha1 and sha256 key exchange, user auth list, user auth\npassword response, public key auth response, channel\nstartup/open/forward/ setenv/request pty/x11 and session start up. The\nresult would be a memory out of bounds read.\n\n- CVE-2019-3860 (information disclosure)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a specially crafted partial SFTP packet with an empty payload in\nresponse to various SFTP commands such as read directory, file status,\nstatus vfs and symlink. The result would be a memory out of bounds\nread.\n\n- CVE-2019-3861 (information disclosure)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a specially crafted SSH packet with a padding length value greater\nthan the packet length. This would result in a buffer read out of\nbounds when decompressing the packet or result in a corrupted packet\nvalue.\n\n- CVE-2019-3862 (information disclosure)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit\nstatus message and no payload. This would result in an out of bounds\nmemory comparison.\n\n- CVE-2019-3863 (arbitrary code execution)\n\nAn issue has been found in libssh2 before 1.8.1 where a server could\nsend a multiple keyboard interactive response messages whose total\nlength are greater than unsigned char max characters. 
This value is\nused as an index to copy memory causing in an out of bounds memory\nwrite error.\n\nImpact\n======\n\nA malicious server could access sensitive information or execute\narbitrary code on a vulnerable client.\n\nReferences\n==========\n\nhttps://www.libssh2.org/mail/libssh2-devel-archive-2019-03/0009.shtml\nhttps://www.libssh2.org/CVE-2019-3855.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch\nhttps://www.libssh2.org/CVE-2019-3856.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch\nhttps://www.libssh2.org/CVE-2019-3857.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch\nhttps://www.libssh2.org/CVE-2019-3858.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch\nhttps://www.libssh2.org/CVE-2019-3859.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch\nhttps://www.libssh2.org/CVE-2019-3860.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch\nhttps://www.libssh2.org/CVE-2019-3861.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch\nhttps://www.libssh2.org/CVE-2019-3862.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch\nhttps://www.libssh2.org/CVE-2019-3863.html\nhttps://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch\nhttps://security.archlinux.org/CVE-2019-3855\nhttps://security.archlinux.org/CVE-2019-3856\nhttps://security.archlinux.org/CVE-2019-3857\nhttps://security.archlinux.org/CVE-2019-3858\nhttps://security.archlinux.org/CVE-2019-3859\nhttps://security.archlinux.org/CVE-2019-3860\nhttps://security.archlinux.org/CVE-2019-3861\nhttps://security.archlinux.org/CVE-2019-3862\nhttps://security.archlinux.org/CVE-2019-3863", "modified": "2019-03-22T00:00:00", "published": "2019-03-22T00:00:00", "id": "ASA-201903-12", "href": "https://security.archlinux.org/ASA-201903-12", "type": "archlinux", "title": "[ASA-201903-12] libssh2: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2019-03-19T11:10:26", "bulletinFamily": "info", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", 
"CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "[](<https://1.bp.blogspot.com/-cR9Tthi6UWI/XJDDNXWMGzI/AAAAAAAAzic/Hzq4iFYW4P46TIH059kOaQ36mGSuaMUNACLcBGAs/s728-e100/libssh2.jpg>)\n\n \nLibssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. \n \nThe Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library. \n \nAccording to an [advisory](<https://www.libssh2.org/changes.html>) published Monday, all the below listed vulnerabilities that were patched with the release of libssh2 version 1.8.1 lead to memory corruption issues which could result in arbitrary code execution on a client system in certain circumstances. \n\n\n \nHere's the list of security vulnerabilities patched in Libssh: \n \n**1\\. CVE-2019-3855:** Possible integer overflow in transport read that could lead to an out-of-bounds write. A malicious server, or a remote attacker who compromises an SSH server, could send a specially crafted packet which could result in executing malicious code on the client system when a user connects to the server. \n \n**2\\. CVE-2019-3856: **Possible integer overflow in keyboard interactive handling allows out-of-bounds write. A malicious or a compromised SSH server can exploit client system by sending a value approaching unsigned int max number of keyboard prompt requests. \n \n**3\\. CVE-2019-3857: **Possible integer overflow issue leads to zero-byte allocation and out-of-bounds write. A malicious server could send an SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with a length of max unsigned integer value. \n \n**4\\. CVE-2019-3858: **Possible zero-byte allocation leading to an out-of-bounds. 
Attacking server can send a specially crafted partial SFTP packet with a zero value for the payload length, allowing attackers to cause a Denial of Service or read data in the client memory. \n \n**5\\. CVE-2019-3859:** Out-of-bounds reads with specially crafted payloads due to unchecked use of \"_libssh2_packet_require and _libssh2_packet_requirev.\" A server could send a specially crafted partial packet in response to various commands such as: sha1 and sha256 key exchange, user auth list, user auth password response, allowing attackers to cause a Denial of Service or read data in the client memory. \n \n**6\\. CVE-2019-3860: **Out-of-bounds reads with specially crafted SFTP packets that also lead to Denial of Service or read data in the client memory attacks. \n\n\n \n**7\\. CVE-2019-3861:** Out-of-bounds reads with specially crafted SSH packets that occurs when the padding length value is greater than the packet length, resulting in the parsing of the corrupted packet. \n \n**8\\. CVE-2019-3862: **An out of bounds read issue occurs when the server sends specially crafted SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload, resulting in Denial of Service or read data in the client memory. \n \n**9\\. CVE-2019-3863: **Integer overflow in the user authenticated keyboard interactive allows out-of-bounds writes. \n \nThese security vulnerabilities affect all versions of Libssh2 prior to version 1.8.1, and fortunately, there are reportedly no known exploits of these flaws at this time on the Internet. \n \nChris Coulson of Canonical Ltd. was credited for discovering all the nine security vulnerabilities and responsibly disclosing them to the Libssh2 developers. \n \nIf you are using Libssh2, install the updated version of Libssh2 as soon as possible. \n \nThis is not the first time when the popular library has been found vulnerable to security issues. 
Late last year, its developers patched a [four-year-old severe vulnerability](<https://thehackernews.com/2018/10/libssh-ssh-protocol-library.html>) in Libssh that allowed unauthenticated attackers to gain unfettered administrative control over a vulnerable server without requiring a password.\n", "modified": "2019-03-19T10:27:25", "published": "2019-03-19T10:27:00", "id": "THN:B9050A4E7D2CE55A80B70F1870DE2C24", "href": "https://thehackernews.com/2019/03/libssh2-vulnerabilities.html", "type": "thn", "title": "Libssh Releases Update to Patch 9 New Security Vulnerabilities", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). ", "modified": "2019-04-05T00:02:26", "published": "2019-04-05T00:02:26", "id": "FEDORA:AE8F7609A16B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: libssh2-1.8.2-1.fc30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). 
", "modified": "2019-04-05T01:56:16", "published": "2019-04-05T01:56:16", "id": "FEDORA:38A4C6077C04", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libssh2-1.8.1-1.fc28", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). ", "modified": "2019-03-23T02:58:27", "published": "2019-03-23T02:58:27", "id": "FEDORA:58CB8605B469", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: libssh2-1.8.1-1.fc29", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13115", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863"], "description": "libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). 
", "modified": "2019-08-04T02:40:41", "published": "2019-08-04T02:40:41", "id": "FEDORA:A0C3B66ADC4F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: libssh2-1.9.0-1.fc29", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kitploit": [{"lastseen": "2020-12-08T05:23:24", "bulletinFamily": "tools", "cvelist": ["CVE-2019-6975", "CVE-2018-20346", "CVE-2019-3863", "CVE-2018-20505", "CVE-2018-14404", "CVE-2016-5385", "CVE-2019-11358", "CVE-2019-3861", "CVE-2017-7614", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-3858", "CVE-2018-14567", "CVE-2018-17456", "CVE-2017-14930", "CVE-2016-1252", "CVE-2015-5224", "CVE-2019-3462", "CVE-2018-20482", "CVE-2018-20685", "CVE-2019-3857", "CVE-2016-0634", "CVE-2018-16890", "CVE-2019-1543", "CVE-2018-3721", "CVE-2018-9251", "CVE-2018-12699", "CVE-2018-14618", "CVE-2019-6109", "CVE-2014-9939", "CVE-2019-5428", "CVE-2016-7543", "CVE-2019-9924", "CVE-2016-9401", "CVE-2011-3374", "CVE-2019-3856", "CVE-2017-13716", "CVE-2016-2779", "CVE-2019-3862", "CVE-2018-19486", "CVE-2018-20506", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-6111", "CVE-2019-3860", "CVE-2019-3822", "CVE-2018-3741", "CVE-2018-16839", "CVE-2017-8421", "CVE-2018-16842", "CVE-2018-16487"], "description": "A Simple and Comprehensive [ Vulnerability Scanner ](<https://www.kitploit.com/search/label/Vulnerability%20Scanner> \"Vulnerability Scanner\" ) for Containers, Suitable for CI. 
\n \n\n\n[  ](<https://1.bp.blogspot.com/-1UySMBavE18/XbTjD34g1JI/AAAAAAAAQu4/4Te6530_9tYsuMryQd-Se0KGB4nkAY7IgCNcBGAsYHQ/s1600/trivy_7_usage.gif>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-TYOxC4Qbct0/XbTjCrjEsxI/AAAAAAAAQuw/YGfdv_fB-HcijuGyoJsxeM2l4q1D9lcPgCNcBGAsYHQ/s1600/trivy_9_usage2.png>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-sAp8dBwyVio/XbTjC1BIl1I/AAAAAAAAQu0/jfNQGljukp47bc9yJ_QX6nghXis43LkJQCNcBGAsYHQ/s1600/trivy_8_usage1.png>)\n\n \n** Abstract ** \n` Trivy ` ( ` tri ` pronounced like ** tri ** gger, ` vy ` pronounced like en ** vy ** ) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. ` Trivy ` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.). ` Trivy ` is easy to use. Just install the binary and you're ready to scan. To scan, all you need to do is specify the name of a container image. \nIt is intended to be used in CI. Before pushing to a container registry, you can scan your local container image easily. See [ here ](<https://github.com/aquasecurity/trivy#continuous-integration-ci> \"here\" ) for details. 
\n \n** Features ** \n\n\n * Detect comprehensive vulnerabilities \n * OS packages (Alpine, ** Red Hat Universal Base Image ** , [ Red Hat Enterprise ](<https://www.kitploit.com/search/label/Red%20Hat%20Enterprise> \"Red Hat Enterprise\" ) Linux, CentOS, Debian and Ubuntu) \n * ** Application dependencies ** (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo) \n * Simple \n * Specify only an image name \n * See [ Quick Start ](<https://github.com/aquasecurity/trivy#quick-start> \"Quick Start\" ) and [ Examples ](<https://github.com/aquasecurity/trivy#examples> \"Examples\" )\n * Easy installation \n * ` apt-get install ` , ` yum install ` and ` brew install ` is possible (See [ Installation ](<https://github.com/aquasecurity/trivy#installation> \"Installation\" ) ) \n * ** No need for prerequirements ** such as installation of DB, libraries, etc. (The exception is that you need ` rpm ` installed to scan images based on RHEL/CentOS. This is automatically included if you use our installers or the Trivy container image. See [ Vulnerability Detection ](<https://github.com/aquasecurity/trivy#vulnerability-detection> \"Vulnerability Detection\" ) for background information.) \n * High accuracy \n * ** Especially Alpine Linux and RHEL/CentOS **\n * Other OSes are also high \n * DevSecOps \n * ** Suitable for CI ** such as Travis CI, CircleCI, Jenkins, etc. \n * See [ CI Example ](<https://github.com/aquasecurity/trivy#continuous-integration-ci> \"CI Example\" )\n \n** Installation ** \n \n** RHEL/CentOS ** \nAdd repository setting to ` /etc/yum.repos.d ` . 
\n\n \n \n $ sudo vim /etc/yum.repos.d/trivy.repo\n [trivy]\n name=Trivy repository\n baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/\n gpgcheck=0\n enabled=1\n $ sudo yum -y update\n $ sudo yum -y install trivy\n\nNote that ` gpgcheck=0 ` turns off RPM signature verification for packages from this repository, so they are authenticated by the HTTPS connection alone. \n\nor \n\n \n \n $ rpm -ivh https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.rpm\n\n \n** Debian/Ubuntu ** \nAdd repository to ` /etc/apt/sources.list.d ` . \n\n \n \n $ sudo apt-get install wget apt-transport-https gnupg lsb-release\n $ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -\n $ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list\n $ sudo apt-get update\n $ sudo apt-get install trivy\n\nor \n\n \n \n $ sudo apt-get install rpm\n $ wget https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.deb\n $ sudo dpkg -i trivy_0.1.6_Linux-64bit.deb\n\n \n** Arch Linux ** \nPackage trivy-bin can be installed from the Arch User Repository. Examples: \n\n \n \n pikaur -Sy trivy-bin\n\nor \n\n \n \n yay -Sy trivy-bin\n\n \n** Homebrew ** \nYou can use homebrew on macOS. \n\n \n \n $ brew install aquasecurity/trivy/trivy\n\n \n** Binary (Including Windows) ** \nGet the latest version from [ this page ](<https://github.com/aquasecurity/trivy/releases/latest> \"this page\" ) , and download the archive file for your operating system/architecture. Unpack the archive, and put the binary somewhere in your ` $PATH ` (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on. \nYou also need to install ` rpm ` command for scanning images based on RHEL/CentOS. 
\n \n** From source ** \n\n \n \n $ mkdir -p $GOPATH/src/github.com/aquasecurity\n $ cd $GOPATH/src/github.com/aquasecurity\n $ git clone https://github.com/aquasecurity/trivy\n $ cd trivy/cmd/trivy/\n $ export GO111MODULE=on\n $ go install\n\nYou also need to install ` rpm ` command for scanning images based on RHEL/CentOS. \n \n** Quick Start ** \nSimply specify an image name (and a tag). ** The ` latest ` tag should be avoided as problems occur with cache. ** See [ Clear image caches ](<https://github.com/aquasecurity/trivy#clear-image-caches> \"Clear image caches\" ) . \n \n** Basic ** \n\n \n \n $ trivy [YOUR_IMAGE_NAME]\n\nFor example: \n\n \n \n $ trivy python:3.4-alpine\n\n \n \nResult \n\n \n \n 2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...\n 2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n** Docker ** \nReplace [YOUR_CACHE_DIR] with the cache directory on your machine. \n\n \n \n $ docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy [YOUR_IMAGE_NAME]\n\nExample for macOS: \n\n \n \n $ docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine\n\nIf you would like to scan the image on your host machine, you need to mount ` docker.sock ` . Mounting the socket gives the container control over the host's Docker daemon, so use it only with an image you trust. 
\n\n \n \n $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \\\n -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine\n\nPlease re-pull latest ` aquasec/trivy ` if an error occurred. \n \n \nResult \n\n \n \n 2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...\n 2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+------------------- -------------+\n\n \n** Examples ** \n \n** Scan an image ** \nSimply specify an image name (and a tag). 
\n\n \n \n $ trivy knqyf263/vuln-image:1.2.3\n\n \n \nResult \n\n \n \n 2019-05-16T12:58:55.967+0900 INFO Updating vulnerability database...\n 2019-05-16T12:59:03.150+0900 INFO Detecting Alpine vulnerabilities...\n 2019-05-16T12:59:03.156+0900 INFO Updating bundler Security DB...\n 2019-05-16T12:59:04.941+0900 INFO Detecting bundler vulnerabilities...\n 2019-05-16T12:59:04.942+0900 INFO Updating cargo Security DB...\n 2019-05-16T12:59:05.967+0900 INFO Detecting cargo vulnerabilities...\n 2019-05-16T12:59:05.967+0900 INFO Updating composer Security DB...\n 2019-05-16T12:59:07.834+0900 INFO Detecting composer vulnerabilities...\n 2019-05-16T12:59:07.834+0900 INFO Updating npm Security DB...\n 2019-05-16T12:59:10.285+0900 INFO Detecting npm vulnerabilities...\n 2019-05-16T12:59:10.285+0900 INFO Updating pipenv Security DB...\n 2019-05-16T12:59:11.487+0900 INFO Detecting pipenv vulnerabilities...\n \n knqyf263/vuln-image:1.2.3 (alpine 3.7.1)\n ===== ===================================\n Total: 26 (UNKNOWN: 0, LOW: 3, MEDIUM: 16, HIGH: 5, CRITICAL: 2)\n \n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |\n | | | | | | via integer overflow |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2018-16839 | HIGH | | 7.61.1-r1 | curl: Integer overflow leading |\n | | | | | | to heap-based buffer overflow in |\n | | | | | | Curl_sasl_create_plain_message() |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |\n | | | | | | stack buffer overflow |\n + +------------------+ + 
+---------------+----------------------------------+\n | | CVE-2018-16840 | | | 7.61.1-r1 | curl: Use-after-free when |\n | | | | | | closing \"easy\" handle in |\n | | | | | | Curl_close() |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-16842 | MEDIUM | | | curl: Heap-based buffer |\n | | | | | | over-read in the curl tool |\n | | | | | | warning formatting |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16890 | | | 7.61.1-r2 | curl: NTLM type-2 heap |\n | | | | | | out-of-bounds buffer read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3823 | | | | curl: SMTP end-of-response |\n | | | | | | out-of-bounds read |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | git | CVE-2018-17456 | HIGH | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code execution |\n | | | | | | via .gitmodules |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-19486 | | | | git: Improper handling of |\n | | | | | | PATH allows for commands to be |\n | | | | | | executed from... |\n +---------+-- ----------------+----------+-------------------+---------------+----------------------------------+\n | libssh2 | CVE-2019-3855 | CRITICAL | 1.8.0-r2 | 1.8.1-r0 | libssh2: Integer overflow in |\n | | | | | | transport read resulting in |\n | | | | | | out of bounds write... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2019-3859 | MEDIUM | | | libssh2: Unchecked use of |\n | | | | | | _libssh2_packet_require and |\n | | | | | | _libssh2_packet_requirev |\n | | | | | | resulting in out-of-bounds |\n | | | | | | read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3858 | | | | libssh2: Zero-byte allocation |\n | | | | | | with a specially crafted SFTP |\n | | | | | | packed leading to an... 
|\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3863 | | | | libssh2: Integer overflow |\n | | | | | | in user authenticate |\n | | | | | | keyboard interactive allows |\n | | | | | | out-of-bounds writes |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3862 | | | | libssh2: Out-of-bounds memory |\n | | | | | | comparison with specially |\n | | | | | | crafted message channel |\n | | | | | | request |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3860 | | | | l ibssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SFTP |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3857 | | | | libssh2: Integer overflow in |\n | | | | | | SSH packet processing channel |\n | | | | | | resulting in out of... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3861 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SSH |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3856 | | | | libssh2: Integer overflow in |\n | | | | | | keyboard interactive handling |\n | | | | | | resulting in out of bounds... |\n +---------+------------------+ +-------------------+---------------+----------------------------------+\n | libxml2 | CVE-2018-14567 | | 2.9.7-r0 | 2.9.8-r1 | libxml2: Infinite loop when |\n | | | | | | --with-lzma is used allows for |\n | | | | | | denial of service... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-14404 | | | | libxml2: NULL pointer |\n | | | | | | dereference in |\n | | | | | | xpath.c:xmlXPathCompOpEval() |\n | | | | | | can allow attackers to cause |\n | | | | | | a... 
|\n + +------------------+- ---------+ + +----------------------------------+\n | | CVE-2018-9251 | LOW | | | libxml2: infinite loop in |\n | | | | | | xz_decomp function in xzlib.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | openssh | CVE-2019-6109 | MEDIUM | 7.5_p1-r9 | 7.5_p1-r10 | openssh: Missing character |\n | | | | | | encoding in progress display |\n | | | | | | allows for spoofing of scp... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-6111 | | | | openssh: Impro per validation |\n | | | | | | of object names allows |\n | | | | | | malicious server to overwrite |\n | | | | | | files... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-20685 | LOW | | | openssh: scp client improper |\n | | | | | | directory name validation |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | sqlite | CVE-2018-20346 | MEDIUM | 3.21.0-r1 | 3.25.3-r0 | sqlite: Multiple flaws in |\n | | | | | | sqlite which can be triggered |\n | | | | | | via corrupted internal... 
|\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | tar | CVE-2018-20482 | LOW | 1.29-r1 | 1.31-r0 | tar: Infinite read loop in |\n | | | | | | sparse_dump_region function in |\n | | | | | | sparse.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n \n ruby-app/Gemfile.lock\n =====================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +----------------------+------------------+----------+-------------------+----------- ----+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +----------------------+------------------+----------+-------------------+---------------+--------------------------------+\n | rails-html-sanitizer | CVE-2018-3741 | MEDIUM | 1.0.3 | >= 1.0.4 | rubygem-rails-html-sanitizer: |\n | | | | | | non-whitelisted attributes |\n | | | | | | are present in sanitized |\n | | | | | | output when input with |\n | | | | | | specially-crafted... 
|\n +----------------------+------------------+----------+- ------------------+---------------+--------------------------------+\n \n rust-app/Cargo.lock\n ===================\n Total: 3 (UNKNOWN: 3, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n \n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n | ammonia | RUSTSEC-2019-0001 | UNKNOWN | 1.9.0 | >= 2.1.0 | Uncontrolled recursion leads |\n | | | | | | to abort in HTML serialization |\n +---------+-------------------+ +-------------------+---------------+--------------------------------+\n | openssl | RUSTSEC-2016-0001 | | 0.8.3 | >= 0.9.0 | SSL/TLS MitM vulne rability due |\n | | | | | | to insecure defaults |\n + +-------------------+ + +---------------+--------------------------------+\n | | RUSTSEC-2018-0010 | | | >= 0.10.9 | Use after free in CMS Signing |\n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n \n php-app/composer.lock\n =====================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +-------------------+------------------+----------+-------------------+---------------------+--------------------------- -----+\n | guzzlehttp/guzzle | CVE-2016-5385 | MEDIUM | 6.2.0 | 6.2.1, 4.2.4, 5.3.1 | PHP: sets environmental |\n | | | | | | variable based on user |\n | | | | | | supplied Proxy request header |\n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n \n 
node-app/package-lock.json\n ==========================\n Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 1, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+---------------- ----------------+\n | jquery | CVE-2019-5428 | MEDIUM | 3.3.9 | >=3.4.0 | Modification of |\n | | | | | | Assumed-Immutable Data (MAID) |\n + +------------------+ + + +--------------------------------+\n | | CVE-2019-11358 | | | | js-jquery: prototype pollution |\n | | | | | | in object's prototype leading |\n | | | | | | to denial of service or... |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | lodash | CVE-2018-16487 | HIGH | 4.17.4 | >=4.17.11 | lodash: Prototype pollution in |\n | | | | | | utilities function |\n + +------------------+----------+ +---------------+ +\n | | CVE-2018-3721 | MEDIUM | | >=4.17.5 | |\n | | | | | | |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n \n python-app/Pipfile.lock\n =======================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n | django | CVE-2019-6975 | MEDIUM | 2.0.9 | 2.0.11 | python-django: |\n | | | | | | memory exhaustion in |\n | | | | | | django.utils.numberformat.format() |\n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n\n \n \n** Scan an image file ** 
\n\n \n \n $ docker save ruby:2.3.0-alpine3.9 -o ruby-2.3.0.tar\n $ trivy --input ruby-2.3.0.tar\n\n \n \nResult \n\n \n \n 2019-05-16T12:45:57.332+0900 INFO Updating vulnerability database...\n 2019-05-16T12:45:59.119+0900 INFO Detecting Debian vulnerabilities...\n \n ruby-2.3.0.tar (debian 8.4)\n ===========================\n Total: 7447 (UNKNOWN: 5, LOW: 326, MEDIUM: 5695, HIGH: 1316, CRITICAL: 105)\n \n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |\n | | | | | | jessie before 1.0.9.8.4, in |\n | | | | | | Debian unstable before... 
|\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2011-3374 | LOW | | | |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | bash | CVE-2016-7543 | HIGH | 4.3-11 | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n + +---------------------+ + +----------------------------------+-----------------------------------------------------+\n | | CVE-2019-9924 | | | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-0634 | MEDIUM | | 4.3-11+deb8u1 | bash: Arbitrary code execution |\n | | | | | | via malicious hostname |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |\n + +---------------------+ + +----------------------------------+--------------------- --------------------------------+\n | | TEMP-0841856-B18BAF | | | | |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------\n ...\n\n \n \n** Save the results as JSON ** \n\n \n \n $ trivy -f json -o results.json golang:1.12-alpine\n\n \n \nResult \n\n \n \n 2019-05-16T01:46:31.777+0900 INFO Updating vulnerability database...\n 2019-05-16T01:47:03.007+0900 INFO Detecting Alpine vulnerabilities...\n\n \nJSON \n\n \n \n [\n {\n \"Target\": \"php-app/composer.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"node-app/package-lock.json\",\n 
\"Vulnerabilities\": [\n {\n \"VulnerabilityID\": \"CVE-2018-16487\",\n \"PkgName\": \"lodash\",\n \"InstalledVersion\": \"4.17.4\",\n \"FixedVersion\": \"\\u003e=4.17.11\",\n \"Title\": \"lodash: Prototype pollution in utilities function\",\n \"Description\": \"A prototype pollution vulnerability was found in lodash \\u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487\",\n ]\n }\n ]\n },\n {\n \"Target\": \"trivy-ci-test (alpine 3.7.1)\",\n \"Vulnerabilities\": [\n {\n \"VulnerabilityID\": \"CVE-2018-16840\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r1\",\n \"Title\": \"curl: Use-after-free when closing \\\"easy\\\" handle in Curl_close()\",\n \"Description\": \"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. \",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2019-3822\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r2\",\n \"Title\": \"curl: NTLMv2 type-3 header stack buffer overflow\",\n \"Description\": \"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. 
\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://curl.haxx.se/docs/CVE-2019-3822.html\",\n \"https://lists.apache.org/thread.html/[email\u00a0protected]%3Cdevnull.infra.apache.org%3E\"\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-16839\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r1\",\n \"Title\": \"curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()\",\n \"Description\": \"Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-19486\",\n \"PkgName\": \"git\",\n \"InstalledVersion\": \"2.15.2-r0\",\n \"FixedVersion\": \"2.15.3-r0\",\n \"Title\": \"git: Improper handling of PATH allows for commands to be executed from the current directory\",\n \"Description\": \"Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' 
were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://usn.ubuntu.com/3829-1/\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-17456\",\n \"PkgName\": \"git\",\n \"InstalledVersion\": \"2.15.2-r0\",\n \"FixedVersion\": \"2.15.3-r0\",\n \"Title\": \"git: arbitrary code execution via .gitmodules\",\n \"Description\": \"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows [remote code execution](<https://www.kitploit.com/search/label/Remote%20Code%20Execution> \"remote code execution\" ) during processing of a recursive \\\"git clone\\\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"http://www.securitytracker.com/id/1041811\",\n ]\n }\n ]\n },\n {\n \"Target\": \"python-app/Pipfile.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"ruby-app/Gemfile.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"rust-app/Cargo.lock\",\n \"Vulnerabilities\": null\n }\n ]\n\n \n \n** Filter the vulnerabilities by severities ** \n\n \n \n $ trivy --severity HIGH,CRITICAL ruby:2.3.0\n\n \n \nResult \n\n \n \n 2019-05-16T01:51:46.255+0900 INFO Updating vulnerability database...\n 2019-05-16T01:51:49.213+0900 INFO Detecting Debian vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n =======================\n Total: 1785 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1680, CRITICAL: 105)\n \n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n 
+-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of t he |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n +-----------------------------+------------------+ +---------------------------+----------------------------------+-------------------------------------------------+\n | binutils | CVE-2017-8421 | | 2.25-5 | | binutils: Memory exhaustion in |< br/>| | | | | | objdump via a crafted PE file |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-14930 | | | | binutils: Memory leak in |\n | | | | | | decode_line_info |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-7614 | | | | binutils: NULL |\n | | | | | | pointer dereference in |\n | | | | | | bfd_elf_final_link function |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2014-9939 | | | | binutils: buffer overflow in |\n | | | | | | ihex.c |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-13716 | | | | 
binutils: Memory leak with the |\n | | | | | | C++ symbol demangler routine |\n | | | | | | in libiberty |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2018-12699 | | | | binutils: heap-based buffer |\n | | | | | | overflow in finish_stab in |\n | | | | | | stabs.c |\n +-----------------------------+------------------+ +---------------------------+----------------------------------+-------------------------------------------------+\n | bsdutils | CVE-2015-5224 | | 2.25.2-6 | | util-linux: File name |\n | | | | | | collision due to incorrect |\n | | | | | | mkstemp use |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2016-2779 | | | | util-linux: runuser tty hijack |\n | | | | | | via TIOCSTI ioctl |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n\n \n \n** Filter the vulnerabilities by type ** \n\n \n \n $ trivy --vuln-type os ruby:2.3.0\n\nAvailable values: \n\n\n * library \n * os \n \nResult \n\n \n \n 2019-05-22T19:36:50.530+0200 [34mINFO[0m Updating vulnerability database...\n 2019-05-22T19:36:51.681+0200 [34mINFO[0m Detecting Alpine vulnerabilities...\n 2019-05-22T19:36:51.685+0200 [34mINFO[0m Updating npm Security DB...\n 2019-05-22T19:36:52.389+0200 [34mINFO[0m Detecting npm vulnerabilities...\n 2019-05-22T19:36:52.390+0200 [34mINFO[0m Updating pipenv Security DB...\n 2019-05-22T19:36:53.406+0200 [34mINFO[0m Detecting pipenv vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n Total: 4751 (UNKNOWN: 1, LOW: 150, MEDIUM: 3504, HIGH: 1013, CRITICAL: 83)\n \n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n 
+---------+------------------+----------+-------------------+---------- -----+----------------------------------+\n | curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |\n | | | | | | via integer overflow |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2018-16839 | HIGH | | 7.61.1-r1 | curl: Integer overflow leading |\n | | | | | | to heap-based buffer overflow in |\n | | | | | | Curl_sasl_create_plain_message() |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |\n | | | | | | stack buffer overflow |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16840 | | | 7.61.1-r1 | curl: Use-after-free when |\n | | | | | | closing \"easy\" handle in |\n | | | | | | Curl_close() |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2019-3823 | MEDIUM | | 7.61.1-r2 | curl: SMTP end-of-response |\n | | | | | | out-of-bounds read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-16890 | | | | curl: NTLM type-2 heap |\n | | | | | | out-of-bounds buffer read |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16842 | | | 7.61.1-r1 | curl: Heap-based buffer |\n | | | | | | over-read in the curl tool |\n | | | | | | warning formatting |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | git | CVE-2018-17456 | HIGH | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code execution |\n | | | | | | via .gitmodules |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-19486 | | | | git: Improper handling of |\n | | | | | | PATH allows for commands to be |\n | | | | | | executed from... 
|\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | libssh2 | CVE-2019-3855 | CRITICAL | 1.8.0-r2 | 1.8.1-r0 | libssh2: Integer overflow in |\n | | | | | | transport read resulting in |\n | | | | | | out of bounds write... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2019-3861 | MEDIUM | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SSH |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3857 | | | | libssh2: Integer overflow in |\n | | | | | | SSH packet processing channel |\n | | | | | | resulting in out of... |\n + +-------------- ----+ + + +----------------------------------+\n | | CVE-2019-3856 | | | | libssh2: Integer overflow in |\n | | | | | | keyboard interactive handling |\n | | | | | | resulting in out of bounds... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3863 | | | | libssh2: Integer overflow |\n | | | | | | in user authenticate |\n | | | | | | keyboard interactive allows |\n | | | | | | out-of-b ounds writes |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3862 | | | | libssh2: Out-of-bounds memory |\n | | | | | | comparison with specially |\n | | | | | | crafted message channel |\n | | | | | | request |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3860 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SFTP |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3858 | | | | libssh2: Zero-byte allocation |\n | | | | | | with a specially crafted SFTP |\n | | | | | | packed leading to an... 
|\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3859 | | | | libssh2: Unchecked use of |\n | | | | | | _libssh2_packet_require and |\n | | | | | | _libssh2_pack et_requirev |\n | | | | | | resulting in out-of-bounds |\n | | | | | | read |\n +---------+------------------+ +-------------------+---------------+----------------------------------+\n | libxml2 | CVE-2018-14404 | | 2.9.7-r0 | 2.9.8-r1 | libxml2: NULL pointer |\n | | | | | | dereference in |\n | | | | | | xpath.c:xmlXPathCompOpEval() |\n | | | | | | can allow attackers to cause |\n | | | | | | a... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-14567 | | | | libxml2: Infinite loop when |\n | | | | | | --with-lzma is used allows for |\n | | | | | | denial of service... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-9251 | LOW | | | libxml2: infinite loop in |\n | | | | | | xz_decomp function in xzlib.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | openssh | CVE-2019-6109 | MEDIUM | 7.5_p1-r9 | 7.5_p1-r10 | openssh: Missing c haracter |\n | | | | | | encoding in progress display |\n | | | | | | allows for spoofing of scp... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-6111 | | | | openssh: Improper validation |\n | | | | | | of object names allows |\n | | | | | | malicious server to overwrite |\n | | | | | | files... 
|\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-20685 | LOW | | | openssh: scp client improper |\n | | | | | | directory name validation |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | sqlite | CVE-2018-20346 | MEDIUM | 3.21.0-r1 | 3.25.3-r0 | CVE-2018-20505 CVE-2018-20506 |\n | | | | | | sqlite: Multiple flaws in |\n | | | | | | sqlite which can be triggered |\n | | | | | | via... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | tar | CVE-2018-20482 | LOW | 1.29-r1 | 1.31-r0 | tar: Infinite read loop in |\n | | | | | | sparse_dump_region function in |\n | | | | | | sparse.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n\n \n** Skip update of vulnerability DB ** \n` Trivy ` always updates its vulnerability database when it starts operating. This is usually fast, as it is a difference update. But if you want to skip even that, use the ` --skip-update ` option. 
\n\n \n \n $ trivy --skip-update python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:48:08.703+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n \n** Update only specified distributions ** \nBy default, ` Trivy ` always updates its vulnerability database for all distributions. Use the ` --only-update ` option if you want to update only the specified distributions. 
\n\n \n \n $ trivy --only-update alpine,debian python:3.4-alpine3.9\n $ trivy --only-update alpine python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-21T19:37:06.301+0900 INFO Updating vulnerability database...\n 2019-05-21T19:37:07.793+0900 INFO Updating alpine data...\n 2019-05-21T19:37:08.127+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+----------------- -+----------+-------------------+---------------+--------------------------------+\n\n \n \n** Ignore unfixed vulnerabilities ** \nBy default, ` Trivy ` also detects unpatched/unfixed vulnerabilities. This means you can't fix these vulnerabilities even if you update all packages. If you would like to ignore them, use the ` --ignore-unfixed ` option. 
\n\n \n \n $ trivy --ignore-unfixed ruby:2.3.0\n\n \n \nResult \n\n \n \n 2019-05-16T12:49:52.656+0900 INFO Updating vulnerability database...\n 2019-05-16T12:50:14.786+0900 INFO Detecting Debian vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n =======================\n Total: 4730 (UNKNOWN: 1, LOW: 145, MEDIUM: 3487, HIGH: 1014, CRITICAL: 83)\n \n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | I ncorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n + +------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |\n | | | | | | jessie before 1.0.9.8.4, in |\n | | | | | | Debian unstable before... 
|\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +------------------+ + +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n + +------------------+----------+ + +-----------------------------------------------------+\n | | CVE-2016-0634 | MEDIUM | | | bash: Arbitrary code execution |\n | | | | | | via malicious hostname |\n + +------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n ...\n\n \n \n** Specify exit code ** \nBy default, ` Trivy ` exits with code 0 even when vulnerabilities are detected. Use the ` --exit-code ` option if you want to exit with a non-zero exit code. 
\n\n \n \n $ trivy --exit-code 1 python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:51:43.500+0900 INFO Updating vulnerability database...\n 2019-05-16T12:52:00.387+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+------------------- -------------+\n\n \n \nThis option is useful for CI/CD. In the following example, the test will fail only when a critical vulnerability is found. \n\n \n \n $ trivy --exit-code 0 --severity MEDIUM,HIGH ruby:2.3.0\n $ trivy --exit-code 1 --severity CRITICAL ruby:2.3.0\n\n \n** Ignore the specified vulnerabilities ** \nUse ` .trivyignore ` . \n\n \n \n $ cat .trivyignore\n # Accept the risk\n CVE-2018-14618\n \n # No impact in our settings\n CVE-2019-1543\n \n $ trivy python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:53:10.076+0900 INFO Updating vulnerability database...\n 2019-05-16T12:53:28.134+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n \n\n \n \n** Specify cache directory ** \n\n \n \n $ trivy --cache-dir /tmp/trivy/ python:3.4-alpine3.9\n\n \n** Clear image caches ** \nThe ` --clear-cache ` option removes image caches. 
This option is useful if the image which has the same tag is updated (such as when using ` latest ` tag). \n\n \n \n $ trivy --clear-cache python:3.7\n\n \n \nResult \n\n \n \n 2019-05-16T12:55:24.749+0900 INFO Removing image caches...\n 2019-05-16T12:55:24.769+0900 INFO Updating vulnerability database...\n 2019-05-16T12:56:14.055+0900 INFO Detecting Debian vulnerabilities...\n \n python:3.7 (debian 9.9)\n =======================\n Total: 3076 (UNKNOWN: 0, LOW: 127, MEDIUM: 2358, HIGH: 578, CRITICAL: 13)\n \n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n | apt | CVE-2011-3374 | LOW | 1.4.9 | | |\n +------------------------------+---------------------+ +--------------------------+------------------+-------------------------------------------------------+\n | bash | TEMP-0841856-B18BAF | | 4.4-5 | | |\n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n ...\n\n \n \n** Reset ** \nThe ` --reset ` option removes all caches and database. After this, it takes a long time as the vulnerability database needs to be rebuilt locally. \n\n \n \n $ trivy --reset\n\n \n \nResult \n\n \n \n 2019-05-16T13:05:31.935+0900 INFO Resetting...\n\n \n \n** Continuous Integration (CI) ** \nScan your image built in Travis CI/CircleCI. The test will fail if a vulnerability is found. When you don't want to fail the test, specify ` --exit-code 0 ` . \n** Note ** : It will take a while for the first time (faster by cache after the second time). 
\n \n** Travis CI ** \n\n \n \n $ cat .travis.yml\n services:\n - docker\n \n env:\n global:\n - COMMIT=${TRAVIS_COMMIT::8}\n \n before_install:\n - docker build -t trivy-ci-test:${COMMIT} .\n - export VERSION=$(curl --silent \"https://api.github.com/repos/aquasecurity/trivy/releases/latest\" | grep '\"tag_name\":' | sed -E 's/.*\"v([^\"]+)\".*/\\1/')\n - wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n - tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz\n script:\n - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh trivy-ci-test:${COMMIT}\n - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh trivy-ci-test:${COMMIT}\n cache:\n directories:\n - $HOME/.cache/trivy\n\nExample: [ https://travis-ci.org/aquasecurity/trivy-ci-test ](<https://travis-ci.org/aquasecurity/trivy-ci-test> \"https://travis-ci.org/aquasecurity/trivy-ci-test\" ) \nRepository: [ https://github.com/aquasecurity/trivy-ci-test ](<https://github.com/aquasecurity/trivy-ci-test> \"https://github.com/aquasecurity/trivy-ci-test\" ) \n \n** CircleCI ** \n\n \n \n $ cat .circleci/config.yml\n jobs:\n build:\n docker:\n - image: docker:18.09-git\n steps:\n - checkout\n - setup_remote_docker\n - restore_cache:\n key: vulnerability-db\n - run:\n name: Build image\n command: docker build -t trivy-ci-test:${CIRCLE_SHA1} .\n - run:\n name: Install trivy\n command: |\n apk add --update curl\n VERSION=$(\n curl --silent \"https://api.github.com/repos/aquasecurity/trivy/releases/latest\" | \\\n grep '\"tag_name\":' | \\\n sed -E 's/.*\"v([^\"]+)\".*/\\1/'\n )\n \n wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz\n mv trivy /usr/local/bin\n - run:\n name: Scan the lo cal image with trivy\n command: trivy --exit-code 0 --no-progress --auto-refresh trivy-ci-test:${CIRCLE_SHA1}\n - save_cache:\n key: vulnerability-db\n 
paths:\n - $HOME/.cache/trivy\n workflows:\n version: 2\n release:\n jobs:\n - build\n\nExample: [ https://circleci.com/gh/aquasecurity/trivy-ci-test ](<https://circleci.com/gh/aquasecurity/trivy-ci-test> \"https://circleci.com/gh/aquasecurity/trivy-ci-test\" ) \nRepository: [ https://github.com/aquasecurity/trivy-ci-test ](<https://github.com/aquasecurity/trivy-ci-test> \"https://github.com/aquasecurity/trivy-ci-test\" ) \n \n** Authorization for Private Docker Registry ** \nTrivy can download images from a private registry without installing ` Docker ` or any 3rd party tools. This makes it easy to run in a CI process. \nAll you have to do is install ` Trivy ` and set ENV vars. However, I don't recommend setting these ENV vars on your local machine. \n \n** Docker Hub ** \nDocker Hub needs ` TRIVY_AUTH_URL ` , ` TRIVY_USERNAME ` and ` TRIVY_PASSWORD ` . You don't need to set ENV vars when downloading from a public repository. \n\n \n \n export TRIVY_AUTH_URL=https://registry.hub.docker.com\n export TRIVY_USERNAME={DOCKERHUB_USERNAME}\n export TRIVY_PASSWORD={DOCKERHUB_PASSWORD}\n\n \n** Amazon ECR (Elastic Container Registry) ** \nTrivy uses AWS SDK. You don't need to install ` aws ` CLI tool. You can use [ AWS CLI's ENV Vars ](<https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html> \"AWS CLI's ENV Vars\" ) . \n \n** GCR (Google Container Registry) ** \nTrivy uses Google Cloud SDK. You don't need to install ` gcloud ` command. \nIf you want to use the target project's repository, you can configure it via ` GOOGLE_APPLICATION_CREDENTIALS ` . \n\n \n \n # TRIVY_USERNAME must be set to an empty string\n export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credential.json\n\n \n** Self Hosted Registry (BasicAuth) ** \nBasicAuth server needs ` TRIVY_USERNAME ` and ` TRIVY_PASSWORD ` . 
\n\n \n \n export TRIVY_USERNAME={USERNAME}\n export TRIVY_PASSWORD={PASSWORD}\n \n # if you want to use port 80 (plain HTTP), use NonSSL; the username and password are then sent unencrypted\n export TRIVY_NON_SSL=true\n\n \n** Vulnerability Detection ** \n \n** OS Packages ** \nUnfixed/unfixable vulnerabilities are those for which the distribution has not yet provided a patch. \nOS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities \n---|---|---|--- \nAlpine Linux | 2.2 - 2.7, 3.0 - 3.10 | Installed by apk | NO \nRed Hat Universal Base Image | 7, 8 | Installed by yum/rpm | YES \nRed Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES \nCentOS | 6, 7 | Installed by yum/rpm | YES \nDebian GNU/Linux | wheezy, jessie, stretch, buster | Installed by apt/apt-get/dpkg | YES \nUbuntu | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | Installed by apt/apt-get/dpkg | YES \nRHEL and CentOS package information is stored in a binary format, and Trivy uses the ` rpm ` executable to parse this information when scanning an image based on RHEL or CentOS. The Trivy container image includes ` rpm ` , and the installers include it as a dependency. If you installed the ` trivy ` binary using ` wget ` or ` curl ` , or if you build it from source, you will also need to ensure that ` rpm ` is available. \n \n** Application Dependencies ** \n` Trivy ` automatically detects the following files in the container and scans vulnerabilities in the application dependencies. \n\n\n * Gemfile.lock \n * Pipfile.lock \n * poetry.lock \n * composer.lock \n * package-lock.json \n * yarn.lock \n * Cargo.lock \nThe path of these files does not matter. 
\nExample: [ https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile ](<https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile> \"https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile\" ) \n \n** Data source ** \n\n\n * PHP \n * [ https://github.com/FriendsOfPHP/security-advisories ](<https://github.com/FriendsOfPHP/security-advisories> \"https://github.com/FriendsOfPHP/security-advisories\" )\n * Python \n * [ https://github.com/pyupio/safety-db ](<https://github.com/pyupio/safety-db> \"https://github.com/pyupio/safety-db\" )\n * Ruby \n * [ https://github.com/rubysec/ruby-advisory-db ](<https://github.com/rubysec/ruby-advisory-db> \"https://github.com/rubysec/ruby-advisory-db\" )\n * Node.js \n * [ https://github.com/nodejs/security-wg ](<https://github.com/nodejs/security-wg> \"https://github.com/nodejs/security-wg\" )\n * Rust \n * [ https://github.com/RustSec/advisory-db ](<https://github.com/RustSec/advisory-db> \"https://github.com/RustSec/advisory-db\" )\n \n** Usage ** \n\n \n \n NAME:\n trivy - A simple and comprehensive vulnerability scanner for containers\n USAGE:\n trivy [options] image_name\n VERSION:\n 0.1.6\n OPTIONS:\n --format value, -f value format (table, json) (default: \"table\")\n --input value, -i value input file path instead of image name\n --severity value, -s value severities of vulnerabilities to be displayed (comma separated) (default: \"UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL\")\n --output value, -o value output file name\n --exit-code value Exit code when vulnerabilities were found (default: 0)\n --skip-update skip db update\n --only-update value update db only specified distribution (comma separated)\n --reset remove all caches and database\n --clear-cache, -c clear image caches\n --quiet, -q suppress progress bar and log output\n --no-progress suppress progress bar\n --ignore-unfixed display only fixed vulnerabilities\n --refresh refresh DB (usually used after version update of trivy)\n 
--auto-refresh refresh DB automatically when updating version of trivy\n --debug, -d debug mode\n --vuln-type value comma-separated list of vulnerability types (os,library) (default: \"os,library\")\n --cache-dir value cache directory (default: \"/path/to/cache\")\n --help, -h show help\n --version, -v print the version\n\n \n \n** Migration ** \nOn 19 August 2019, Trivy's repositories moved from ` knqyf263/trivy ` to ` aquasecurity/trivy ` . If you previously installed Trivy you should update any scripts or package manager records as described in this section. \n \n** Overview ** \nIf you have a script that installs Trivy (for example into your CI pipelines) you should update it to obtain it from the new location by replacing knqyf263/trivy with aquasecurity/trivy. \nFor example: \n\n \n \n # Before\n $ wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n \n # After\n $ wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n\n \n** CentOS/RedHat ** \nUse [ https://aquasecurity.github.io ](<https://aquasecurity.github.io/> \"https://aquasecurity.github.io\" ) instead of [ https://knqyf263.github.io ](<https://knqyf263.github.io/> \"https://knqyf263.github.io\" ) . \n\n \n \n $ yum remove trivy\n $ sed -i s/knqyf263/aquasecurity/g /etc/yum.repos.d/trivy.repo\n $ yum update\n $ yum install trivy\n\n \n** Debian/Ubuntu ** \nUse [ https://aquasecurity.github.io ](<https://aquasecurity.github.io/> \"https://aquasecurity.github.io\" ) instead of [ https://knqyf263.github.io ](<https://knqyf263.github.io/> \"https://knqyf263.github.io\" ) . 
\n\n \n \n $ apt-get remove --purge trivy\n $ sed -i s/knqyf263/aquasecurity/g /etc/apt/sources.list.d/trivy.list\n $ apt-get update\n $ apt-get install trivy\n\n \n** Homebrew ** \nTap aquasecurity/trivy \n\n \n \n $ brew uninstall --force trivy\n $ brew untap knqyf263/trivy\n $ brew install aquasecurity/trivy/trivy\n\n \n** Binary (Including Windows) ** \nNo need to fix. \n \n** Others ** \n \n** Detected version update of trivy. Please try again with --refresh option ** \nTry again with ` --refresh ` option: \n\n \n \n $ trivy --refresh alpine:3.9\n\n \n** Unknown error ** \nTry again with ` --reset ` option: \n\n \n \n $ trivy --reset\n\n \n** Credits ** \n\n\n * Special thanks to [ Tomoya Amachi ](<https://github.com/tomoyamachi> \"Tomoya Amachi\" )\n * Special thanks to [ Masahiro Fujimura ](<https://github.com/masahiro331> \"Masahiro Fujimura\" )\n * Special thanks to [ Naoki Harima ](<https://github.com/XapiMa> \"Naoki Harima\" )\n \n** Author ** \nTeppei Fukuda (knqyf263) \n \n \n\n\n** [ Download Trivy ](<https://github.com/aquasecurity/trivy> \"Download Trivy\" ) **\n", "edition": 212, "modified": "2019-11-05T12:00:00", "published": "2019-11-05T12:00:00", "id": "KITPLOIT:7323577050718865961", "href": "http://www.kitploit.com/2019/11/trivy-simple-and-comprehensive.html", "title": "Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI", "type": "kitploit", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2020-12-24T15:41:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-5180", "CVE-2015-9251", "CVE-2016-0729", "CVE-2016-1000031", "CVE-2016-4000", "CVE-2016-5425", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-16531", "CVE-2017-17558", "CVE-2017-5645", "CVE-2017-6056", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0732", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000873", "CVE-2018-11784", 
"CVE-2018-11798", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-1320", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-16842", "CVE-2018-18065", "CVE-2018-18066", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2875", "CVE-2018-3300", "CVE-2018-7185", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8037", "CVE-2019-0188", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11068", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-16335", "CVE-2019-17091", "CVE-2019-2734", "CVE-2019-2765", "CVE-2019-2872", "CVE-2019-2883", "CVE-2019-2884", "CVE-2019-2886", "CVE-2019-2887", "CVE-2019-2888", "CVE-2019-2889", "CVE-2019-2890", "CVE-2019-2891", "CVE-2019-2894", "CVE-2019-2895", "CVE-2019-2896", "CVE-2019-2897", "CVE-2019-2898", "CVE-2019-2899", "CVE-2019-2900", "CVE-2019-2901", "CVE-2019-2902", "CVE-2019-2903", "CVE-2019-2904", "CVE-2019-2905", "CVE-2019-2906", "CVE-2019-2907", "CVE-2019-2909", "CVE-2019-2910", "CVE-2019-2911", "CVE-2019-2913", "CVE-2019-2914", "CVE-2019-2915", "CVE-2019-2920", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2925", "CVE-2019-2926", "CVE-2019-2927", "CVE-2019-2929", "CVE-2019-2930", "CVE-2019-2931", "CVE-2019-2932", "CVE-2019-2933", "CVE-2019-2934", "CVE-2019-2935", "CVE-2019-2936", "CVE-2019-2937", "CVE-2019-2938", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2941", "CVE-2019-2942", "CVE-2019-2943", "CVE-2019-2944", "CVE-2019-2945", "CVE-2019-2946", 
"CVE-2019-2947", "CVE-2019-2948", "CVE-2019-2949", "CVE-2019-2950", "CVE-2019-2951", "CVE-2019-2952", "CVE-2019-2953", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956", "CVE-2019-2957", "CVE-2019-2958", "CVE-2019-2959", "CVE-2019-2960", "CVE-2019-2961", "CVE-2019-2962", "CVE-2019-2963", "CVE-2019-2964", "CVE-2019-2965", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2969", "CVE-2019-2970", "CVE-2019-2971", "CVE-2019-2972", "CVE-2019-2973", "CVE-2019-2974", "CVE-2019-2975", "CVE-2019-2976", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2979", "CVE-2019-2980", "CVE-2019-2981", "CVE-2019-2982", "CVE-2019-2983", "CVE-2019-2984", "CVE-2019-2985", "CVE-2019-2986", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2990", "CVE-2019-2991", "CVE-2019-2992", "CVE-2019-2993", "CVE-2019-2994", "CVE-2019-2995", "CVE-2019-2996", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-2999", "CVE-2019-3000", "CVE-2019-3001", "CVE-2019-3002", "CVE-2019-3003", "CVE-2019-3004", "CVE-2019-3005", "CVE-2019-3008", "CVE-2019-3009", "CVE-2019-3010", "CVE-2019-3011", "CVE-2019-3012", "CVE-2019-3014", "CVE-2019-3015", "CVE-2019-3017", "CVE-2019-3018", "CVE-2019-3019", "CVE-2019-3020", "CVE-2019-3021", "CVE-2019-3022", "CVE-2019-3023", "CVE-2019-3024", "CVE-2019-3025", "CVE-2019-3026", "CVE-2019-3027", "CVE-2019-3028", "CVE-2019-3031", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9936", "CVE-2019-9937"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. 
Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2566015.1>).\n", "modified": "2019-10-15T00:00:00", "published": "2020-01-22T00:00:00", "id": "ORACLE:CPUOCT2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-16T04:29:01", "bulletinFamily": "software", "cvelist": ["CVE-2019-2946", "CVE-2019-2954", "CVE-2019-0220", "CVE-2019-2973", "CVE-2018-19362", "CVE-2019-2993", "CVE-2019-5435", "CVE-2019-2984", "CVE-2019-2734", "CVE-2019-2982", "CVE-2019-3012", "CVE-2019-2899", "CVE-2019-3863", "CVE-2019-2992", "CVE-2015-9251", "CVE-2019-2886", "CVE-2019-1547", "CVE-2019-2907", "CVE-2017-9735", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2018-0732", "CVE-2019-2968", "CVE-2016-7103", "CVE-2019-2945", "CVE-2019-2942", "CVE-2019-10247", "CVE-2017-17558", 
"CVE-2019-2955", "CVE-2019-10098", "CVE-2019-11358", "CVE-2019-3861", "CVE-2019-2943", "CVE-2019-0217", "CVE-2019-14540", "CVE-2019-3027", "CVE-2018-12384", "CVE-2018-12538", "CVE-2019-2940", "CVE-2019-2902", "CVE-2018-19361", "CVE-2019-2948", "CVE-2017-7657", "CVE-2019-2896", "CVE-2019-3000", "CVE-2019-3003", "CVE-2019-2883", "CVE-2019-2930", "CVE-2019-3025", "CVE-2016-5425", "CVE-2019-3015", "CVE-2019-2920", "CVE-2019-2915", "CVE-2017-7658", "CVE-2019-2983", "CVE-2018-15756", "CVE-2019-9936", "CVE-2019-2991", "CVE-2019-2926", "CVE-2018-14719", "CVE-2019-3026", "CVE-2019-2901", "CVE-2019-2966", "CVE-2019-3858", "CVE-2019-2995", "CVE-2019-2980", "CVE-2019-3024", "CVE-2019-2906", "CVE-2019-2999", "CVE-2019-2927", "CVE-2017-12626", "CVE-2019-2997", "CVE-2019-2959", "CVE-2019-3014", "CVE-2019-5436", "CVE-2019-2962", "CVE-2019-3004", "CVE-2019-2944", "CVE-2019-2952", "CVE-2019-0211", "CVE-2018-14720", "CVE-2016-0729", "CVE-2019-2974", "CVE-2019-3002", "CVE-2019-2964", "CVE-2019-2884", "CVE-2019-2960", "CVE-2019-2976", "CVE-2018-14718", "CVE-2018-8032", "CVE-2019-2898", "CVE-2019-2932", "CVE-2019-2971", "CVE-2019-2929", "CVE-2019-1549", "CVE-2019-0232", "CVE-2019-2900", "CVE-2019-12814", "CVE-2019-2897", "CVE-2019-12384", "CVE-2018-18065", "CVE-2019-2905", "CVE-2018-20685", "CVE-2019-9937", "CVE-2019-3020", "CVE-2019-2936", "CVE-2019-10082", "CVE-2019-2963", "CVE-2018-2875", "CVE-2019-3857", "CVE-2019-2949", "CVE-2019-2935", "CVE-2019-1563", "CVE-2019-3031", "CVE-2019-9511", "CVE-2018-12404", "CVE-2019-3008", "CVE-2019-1543", "CVE-2019-2910", "CVE-2019-2950", "CVE-2016-8610", "CVE-2018-1000873", "CVE-2018-1000007", "CVE-2018-7185", "CVE-2019-3010", "CVE-2019-2889", "CVE-2019-2888", "CVE-2019-2925", "CVE-2019-2961", "CVE-2015-5180", "CVE-2018-14721", "CVE-2019-2913", "CVE-2019-2922", "CVE-2019-3001", "CVE-2019-3005", "CVE-2019-10081", "CVE-2019-2891", "CVE-2019-2937", "CVE-2019-0215", "CVE-2019-6109", "CVE-2019-8457", "CVE-2019-3018", "CVE-2019-2994", "CVE-2019-2958", 
"CVE-2018-8034", "CVE-2019-3021", "CVE-2019-2887", "CVE-2019-2947", "CVE-2019-14439", "CVE-2019-16335", "CVE-2019-1552", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-2939", "CVE-2017-6056", "CVE-2018-18066", "CVE-2019-0196", "CVE-2019-2911", "CVE-2019-3022", "CVE-2018-12536", "CVE-2019-3856", "CVE-2017-7656", "CVE-2019-2996", "CVE-2019-10097", "CVE-2019-2957", "CVE-2019-3011", "CVE-2019-3862", "CVE-2019-2894", "CVE-2018-19360", "CVE-2019-2975", "CVE-2019-2972", "CVE-2019-2988", "CVE-2019-2904", "CVE-2019-10092", "CVE-2019-10072", "CVE-2017-16531", "CVE-2019-2998", "CVE-2019-17091", "CVE-2019-3855", "CVE-2019-2890", "CVE-2019-3859", "CVE-2019-2985", "CVE-2019-2951", "CVE-2019-2990", "CVE-2019-1559", "CVE-2018-1320", "CVE-2019-2923", "CVE-2018-3300", "CVE-2019-6111", "CVE-2019-2986", "CVE-2018-11784", "CVE-2018-8037", "CVE-2017-5645", "CVE-2019-3860", "CVE-2019-2953", "CVE-2019-2965", "CVE-2019-0188", "CVE-2019-3009", "CVE-2019-2941", "CVE-2016-4000", "CVE-2019-3023", "CVE-2019-2914", "CVE-2019-2979", "CVE-2019-2924", "CVE-2019-2981", "CVE-2019-3028", "CVE-2019-2765", "CVE-2019-2934", "CVE-2019-2987", "CVE-2019-2967", "CVE-2019-2977", "CVE-2018-11798", "CVE-2019-10246", "CVE-2018-12545", "CVE-2019-14379", "CVE-2019-2989", "CVE-2016-6814", "CVE-2019-2978", "CVE-2019-2970", "CVE-2019-2903", "CVE-2019-2933", "CVE-2019-5443", "CVE-2016-1000031", "CVE-2019-10241", "CVE-2019-2909", "CVE-2019-3017", "CVE-2019-2938", "CVE-2019-0227", "CVE-2019-2895", "CVE-2019-2872", "CVE-2019-2956", "CVE-2019-2931", "CVE-2018-16842", "CVE-2019-3019", "CVE-2019-2969", "CVE-2019-11068"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. 
Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2566015.1>).\n", "modified": "2019-10-15T00:00:00", "published": "2019-10-15T00:00:00", "id": "ORACLE:CPUOCT2019-5072832", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2019", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}