Linux Distros Unpatched Vulnerability : CVE-2015-3146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers t...

CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

CVE-2015-3146

The CVE-2015-3146 issue affects libssh up to version 0.6.4 (pre-0.6.5). The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY handlers in package_cb.c do not properly validate state, enabling a crafted SSH packet to trigger a NULL pointer dereference and cause a denial of service (crash). Affected ...

Ubuntu 14.04 LTS : libssh vulnerabilities (USN-2912-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2912-1 advisory. Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash,...

USN-2912-1 libssh vulnerabilities

Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. CVE-2015-3146 Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits...

USN-2912-1: libssh vulnerabilities

Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. CVE-2015-3146 Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits...

DSA-3488-1 libssh - security update

Bulletin has no description...

SUSE SLED12 Security Update : libssh (SUSE-SU-2015:1707-2)

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages. Note that Tenable Network Security has extracted the preceding descripti...

SUSE-SU-2015:1707-1 Security update for libssh

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages...

SUSE-SU-2015:1707-2 Security update for libssh

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages...

Security fix for the ALT Linux 8 package libssh version 0.6.5-alt1

June 17, 2015 Sergey V Turchin 0.6.5-alt1 - new version - security fix: CVE-2015-3146...

Security fix for the ALT Linux 9 package libssh version 0.6.5-alt1

June 17, 2015 Sergey V Turchin 0.6.5-alt1 - new version - security fix: CVE-2015-3146...

Fedora 21 : libssh-0.6.5-1.fc21 (2015-7590)

Security fix for CVE-2015-3146 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

openSUSE Security Update : libssh (openSUSE-2015-355)

libssh was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-3146: Specially crafted packages inserted into a connection could have lead to a client or server process crash via a NULL pointer dereference. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Updated libssh packages fix CVE-2015-3146

Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...