1842 matches found
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
Mageia: Security Advisory (MGASA-2023-0357)
The remote host is missing an update for the...
openSUSE 15 Security Update : proftpd (openSUSE-SU-2023:0421-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0421-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
Updated libssh packages fix security vulnerabilities
New version 0.10.6 fixes security vulnerabilities CVE-2023-6004, CVE-2023-48795 (Prefix Truncation Attacks in SSH Specification, Terrapin Attack) and CVE-2023-6918...
MGASA-2023-0357 Updated libssh packages fix security vulnerabilities
New version 0.10.6 fixes security vulnerabilities CVE-2023-6004, CVE-2023-48795 (Prefix Truncation Attacks in SSH Specification, Terrapin Attack) and CVE-2023-6918...
[SECURITY] [DSA 5591-1] libssh security update
Debian Security Advisory DSA-5591-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2023 https://www.debian.org/security/faq...
libssh: Multiple Vulnerabilities
Background: libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description: Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for...
DSA-5591-1 libssh - security update
Bulletin has no description...
GLSA-202312-16 : libssh: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-16 libssh: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are...
Libssh: missing checks for return values for digests
...
Fedora: Security Advisory (FEDORA-2023-0733306be9)
The remote host is missing an update for the...
GLSA-202312-05 : libssh: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-05 libssh: Multiple Vulnerabilities - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and t...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.1011)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.1011 advisory. - Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0...
libssh: Multiple Vulnerabilities
Background: libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description: Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for...
Fedora 39 : libssh (2023-0733306be9)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0733306be9 advisory. New upstream release fixing CVE-2023-48795, CVE-2023-6004, CVE-2023-6918 Tenable has extracted the preceding description block directly from the...
Internet Bug Bounty: Command Injection using malicious hostname in expanded proxycommand
A vulnerability in the handling of ProxyCommand and ProxyJump hostname parameters in libssh versions 0.10.x, 0.9.x and 0.8.x was reported. The issue enables malicious code injection through unchecked hostname syntax. User interaction is required for exploitation...
SUSE CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
SUSE CVE-2023-6918
A flaw was found in libssh's abstract layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of the...
FreeBSD : putty -- add protocol extension against 'Terrapin attack' (91955195-9ebb-11ee-bc14-a703705db3a6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91955195-9ebb-11ee-bc14-a703705db3a6 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current proftpd Vulnerability (SSA:2023-354-01)
The version of proftpd installed on the remote host is prior to 1.3.8b. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-354-01 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...