1851 matches found
CVE-2020-1730
A flaw was found in the way libssh handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is system...
SUSE-SU-2020:0968-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699)...
SUSE-SU-2020:0967-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699)...
UBUNTU-CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The bigges...
CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The bigges...
[ASA-202004-11] libssh: denial of service
Arch Linux Security Advisory ASA-202004-11. Severity: Medium; Date: 2020-04-09; CVE-ID: CVE-2020-1730; Package: libssh; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-1130. Summary: The package libssh before version...
CVE-2019-14889
A flaw was found with the libssh API function ssh_scp_new(). A user able to connect to a server using SCP could execute arbitrary commands using a user-provided path, leading to a compromise of the remote target...
EulerOS Virtualization for ARM 64 3.0.6.0 : libssh (EulerOS-SA-2020-1332)
According to the version of the libssh package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - A flaw was found with the libssh API function ssh_scp_new(). A user able to connect to a server using SCP could execute...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2020-1332)
The remote host is missing an update for the Huawei EulerOS...
GLSA-202003-27 : libssh: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-202003-27 (libssh: Arbitrary command execution). It was discovered that libssh incorrectly handled certain scp commands. Impact: A remote attacker could trick a victim into using a specially crafted scp command, possibly resulting i...
libssh: Arbitrary command execution
Background: libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description: It was discovered that libssh incorrectly handled certain scp commands. Impact: A remote attacker could trick a victim into using a specially crafted scp command, possibly resultin...
Security fix for the ALT Linux 8 package libssh version 0.8.8-alt1
0.8.8-alt1 built March 13, 2020 Sergey V Turchin in task 247316 March 4, 2020 Sergey V Turchin - new version Fixes: CVE-2019-14889...
CVE-2018-10933
Description: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could...
EulerOS 2.0 SP8 : libssh (EulerOS-SA-2020-1164)
According to the version of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server,...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2020-1164)
The remote host is missing an update for the Huawei EulerOS...
FreeBSD : libssh -- Unsanitized location in scp could lead to unwanted command execution (1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f)
The libssh team reports: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition. When the libssh SCP client connects to a server, the scp command, which includes a...
openSUSE Security Update : libssh (openSUSE-2020-102)
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). This update was imported from the SUSE:SLE-15-SP1:Update update project.
openSUSE: Security Advisory for libssh (openSUSE-SU-2020:0102_1)
The remote host is missing an update for the...
OPENSUSE-SU-2020:0102-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Client/server denial of service when handling AES-CTR ciphers
The libssh team reports (originally reported by Yasheng Yang from Google): A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connectio...