Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2015-2140.NASL
HistoryNov 19, 2015 - 12:00 a.m.

RHEL 7 : libssh2 (RHSA-2015:2140)

2015-11-1900:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.006

Percentile

78.7%

JSON

Updated libssh2 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The libssh2 packages provide a library that implements the SSH2 protocol.

A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. (CVE-2015-1782)

This update also fixes the following bugs :

  • Previously, libssh2 did not correctly adjust the size of the receive window while reading from an SSH channel. This caused downloads over the secure copy (SCP) protocol to consume an excessive amount of memory. A series of upstream patches has been applied on the libssh2 source code to improve handling of the receive window size. Now, SCP downloads work as expected. (BZ#1080459)

  • Prior to this update, libssh2 did not properly initialize an internal variable holding the SSH agent file descriptor, which caused the agent destructor to close the standard input file descriptor by mistake. An upstream patch has been applied on libssh2 sources to properly initialize the internal variable. Now, libssh2 closes only the file descriptors it owns. (BZ#1147717)

All libssh2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2015:2140. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86932);
  script_version("2.11");
  script_cvs_date("Date: 2019/10/24 15:35:40");

  script_cve_id("CVE-2015-1782");
  script_xref(name:"RHSA", value:"2015:2140");

  script_name(english:"RHEL 7 : libssh2 (RHSA-2015:2140)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated libssh2 packages that fix one security issue and two bugs are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

The libssh2 packages provide a library that implements the SSH2
protocol.

A flaw was found in the way the kex_agree_methods() function of
libssh2 performed a key exchange when negotiating a new SSH session. A
man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet
to crash a connecting libssh2 client. (CVE-2015-1782)

This update also fixes the following bugs :

* Previously, libssh2 did not correctly adjust the size of the receive
window while reading from an SSH channel. This caused downloads over
the secure copy (SCP) protocol to consume an excessive amount of
memory. A series of upstream patches has been applied on the libssh2
source code to improve handling of the receive window size. Now, SCP
downloads work as expected. (BZ#1080459)

* Prior to this update, libssh2 did not properly initialize an
internal variable holding the SSH agent file descriptor, which caused
the agent destructor to close the standard input file descriptor by
mistake. An upstream patch has been applied on libssh2 sources to
properly initialize the internal variable. Now, libssh2 closes only
the file descriptors it owns. (BZ#1147717)

All libssh2 users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing these updated packages, all running applications using
libssh2 must be restarted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2015:2140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-1782"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libssh2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libssh2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libssh2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libssh2-docs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2015:2140";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", reference:"libssh2-1.4.3-10.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"libssh2-debuginfo-1.4.3-10.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"libssh2-devel-1.4.3-10.el7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"libssh2-docs-1.4.3-10.el7")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh2 / libssh2-debuginfo / libssh2-devel / libssh2-docs");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxlibssh2p-cpe:/a:redhat:enterprise_linux:libssh2
redhatenterprise_linuxlibssh2-develp-cpe:/a:redhat:enterprise_linux:libssh2-devel
redhatenterprise_linuxlibssh2-docsp-cpe:/a:redhat:enterprise_linux:libssh2-docs
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux7.3cpe:/o:redhat:enterprise_linux:7.3
redhatenterprise_linux7.4cpe:/o:redhat:enterprise_linux:7.4
redhatenterprise_linux7.5cpe:/o:redhat:enterprise_linux:7.5
redhatenterprise_linux7.7cpe:/o:redhat:enterprise_linux:7.7
redhatenterprise_linux7.2cpe:/o:redhat:enterprise_linux:7.2
redhatenterprise_linux7.6cpe:/o:redhat:enterprise_linux:7.6
Rows per page:
1-10 of 111

Related

openvas 12
redhat 1
nessus 14
securityvulns 2
archlinux 1
mageia 1
centos 1
osv 2
altlinux 1
debiancve 1
fedora 3
freebsd 1
ibm 2
debian 3
cvelist 1
prion 1
ubuntucve 1
nvd 1
cve 1
oraclelinux 1
veracode 1
hackerone 1
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0107)
2022-01-28 00:00:00
RedHat Update for libssh2 RHSA-2015:2140-07
2015-11-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0669-1)
2021-04-19 00:00:00
redhat
redhat
(RHSA-2015:2140) Low: libssh2 security and bug fix update
2015-11-19 14:40:31
nessus
nessus
Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)
2015-03-30 00:00:00
Debian DSA-3182-1 : libssh2 - security update
2015-03-12 00:00:00
Fedora 22 : libssh2-1.5.0-1.fc22 (2015-3757)
2015-03-17 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-15 00:00:00
libssh2 DoS
2015-03-15 00:00:00
archlinux
archlinux
libssh2: out-of-bounds read
2015-04-09 00:00:00
mageia
mageia
Updated libssh2 packages fix CVE-2015-1782
2015-03-12 18:30:53
centos
centos
libssh2 security update
2015-11-30 19:41:07
osv
osv
libssh2 - security update
2015-03-14 00:00:00
libssh2 - security update
2015-03-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libssh2 version 1.4.3-alt2
2015-11-25 00:00:00
debiancve
debiancve
CVE-2015-1782
2015-03-13 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: libssh2-1.5.0-1.fc20
2015-03-30 07:12:45
[SECURITY] Fedora 21 Update: libssh2-1.5.0-1.fc21
2015-03-19 18:44:02
[SECURITY] Fedora 22 Update: libssh2-1.5.0-1.fc22
2015-03-15 10:52:44
freebsd
freebsd
libssh2 -- denial of service vulnerability
2015-01-25 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782)
2018-06-18 01:30:32
Security Bulletin: Vulnerability in libssh2 affects SAN Volume Controller and Storwize Family (CVE-2015-1782)
2023-03-29 01:48:02
debian
debian
[SECURITY] [DLA 171-1] libssh2 security update
2015-03-14 18:15:50
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-11 11:04:21
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-11 11:04:21
cvelist
cvelist
CVE-2015-1782
2015-03-13 14:00:00
prion
prion
Stack overflow
2015-03-13 14:59:00
ubuntucve
ubuntucve
CVE-2015-1782
2015-03-13 00:00:00
nvd
nvd
CVE-2015-1782
2015-03-13 14:59:00
cve
cve
CVE-2015-1782
2015-03-13 14:59:00
oraclelinux
oraclelinux
libssh2 security and bug fix update
2015-11-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2017-01-27 08:55:57
hackerone
hackerone
Imgur: SSRF in https://imgur.com/vidgif/url
2016-02-10 18:53:22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.006

Percentile

78.7%

JSON
Related for REDHAT-RHSA-2015-2140.NASL
openvas12redhat1nessus14securityvulns2archlinux1mageia1centos1osv2altlinux1debiancve1fedora3freebsd1ibm2debian3cvelist1prion1ubuntucve1nvd1cve1oraclelinux1veracode1hackerone1