Lucene search
RedhatCVELIST:CVE-2014-0017HistoryMar 14, 2014 - 3:00 p.m.
CVE-2014-0017
2014-03-1415:00:00
redhat
www.cve.org
1
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
References
lists.opensuse.org/opensuse-updates/2014-03/msg00036.html
lists.opensuse.org/opensuse-updates/2014-03/msg00040.html
secunia.com/advisories/57407
www.debian.org/security/2014/dsa-2879
www.libssh.org/2014/03/04/libssh-0-6-3-security-release/
www.openwall.com/lists/oss-security/2014/03/05/1
www.ubuntu.com/usn/USN-2145-1
bugzilla.redhat.com/show_bug.cgi?id=1072191
Related
nessus
nessus
Mandriva Linux Security Advisory : libssh (MDVSA-2014:053)
2014-03-14 00:00:00
Fedora 19 : libssh-0.6.3-1.fc19 (2014-3485)
2014-03-17 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : libssh vulnerability (USN-2145-1)
2014-03-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 2879-1 (libssh - security update)
2014-03-13 00:00:00
Mageia: Security Advisory (MGASA-2014-0119)
2022-01-28 00:00:00
Fedora Update for libssh FEDORA-2014-3473
2014-03-12 00:00:00
seebug
seebug
LibsshιζΊε·η ηζε¨ζΌζ΄(CVE-2014-0017)
2014-03-07 00:00:00
ubuntu
ubuntu
libssh vulnerability
2014-03-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
Security fix for the ALT Linux 8 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
Security fix for the ALT Linux 9 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2014-0017
2014-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: libssh-0.6.3-1.fc20
2014-03-07 06:38:59
[SECURITY] Fedora 19 Update: libssh-0.6.3-1.fc19
2014-03-15 15:21:52
[SECURITY] Fedora 20 Update: libssh-0.6.4-1.fc20
2015-01-03 19:10:54
debian
debian
[SECURITY] [DSA 2879-1] libssh security update
2014-03-13 21:54:28
debiancve
debiancve
CVE-2014-0017
2014-03-14 15:55:05
gentoo
gentoo
LibSSH: Information disclosure
2014-08-10 00:00:00
mageia
mageia
Updated libssh package fixes security vulnerability
2014-03-06 03:17:12
osv
osv
libssh - security update
2014-03-13 00:00:00
nvd
nvd
CVE-2014-0017
2014-03-14 15:55:05
securityvulns
securityvulns
[USN-2145-1] libssh vulnerability
2014-03-13 00:00:00
libssh PRNG attacks
2014-03-13 00:00:00
cve
cve
CVE-2014-0017
2014-03-14 15:55:05
freebsd
freebsd
libssh -- PRNG state reuse on forking servers
2014-03-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-03-14 15:55:00
slackware
slackware
[slackware-security] libssh
2015-04-22 01:20:42