
1842 matches found

Debian CVE
added 2019/12/10 12:0 a.m., 26 views

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

9.3 CVSS, 6.5 AI score, 0.01122 EPSS
Exploits 0
AlpineLinux
added 2019/12/10 12:0 a.m., 48 views

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

9.3 CVSS, 8.2 AI score, 0.01122 EPSS
Exploits 0
FreeBSD
added 2019/11/14 12:0 a.m., 27 views

libssh -- Unsanitized location in scp could lead to unwanted command execution

The libssh team reports: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition. When the libssh SCP client connects to a server, the scp command, which includes a...

9.3 CVSS, 2.2 AI score, 0.01122 EPSS
Exploits 0, References 2
Oracle linux
added 2019/11/14 12:0 a.m., 43 views

curl security and bug fix update

7.61.1-11 - rebuild with updated annobin to prevent Execshield RPMDiff check from failing 7.61.1-10 - fix SMTP end-of-response out-of-bounds read CVE-2019-3823 - fix NTLMv2 type-3 header stack buffer overflow CVE-2019-3822 - fix NTLM type-2 out-of-bounds buffer read CVE-2018-16890 - xattr: strip...

9.8 CVSS, 1.7 AI score, 0.18518 EPSS
Exploits 3
Tenable Nessus
added 2019/09/24 12:0 a.m., 38 views

EulerOS 2.0 SP3 : libssh (EulerOS-SA-2019-2067)

According to the version of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without...

9.1 CVSS, 7.6 AI score, 0.78329 EPSS
Exploits 10, References 2
ossfuzz
added 2019/09/21 9:19 a.m., 24 views

libssh:libssh_server_fuzzer: Use-of-uninitialized-value in ssh_buffer_unpack_va

Project: https://git.libssh.org/projects/libssh.git Detailed Report: https://oss-fuzz.com/testcase?key=5661411098755072 Project: libssh Fuzzing Engine: libFuzzer Fuzz Target: libssh_server_fuzzer Job Type: libfuzzer_msan_libssh Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

6.8 AI score
Exploits 0, Affected Software 1
OpenVAS
added 2019/05/07 12:0 a.m., 74 views

Fedora Update for libssh FEDORA-2018-6b390ceb36

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1 CVSS, 9.4 AI score, 0.78329 EPSS
Exploits 10, References 2
Kitploit
added 2019/04/04 9:12 p.m., 1213 views

Darksplitz - Exploit Framework

This tool is continued from the Nefix, DirsPy and Xmasspy projects. Installation Will work fine in the debian shade operating system, like Backbox, Ubuntu or Kali linux. 1. $ git clone https://github.com/koboi137/darksplitz 2. $ cd darksplitz/ 3. $ sudo ./install.sh Features Extract mikrotik credenti...

9.8 CVSS, 9.4 AI score, 0.94489 EPSS
Exploits 104, References 1
Tenable Nessus
added 2019/03/27 12:0 a.m., 29 views

openSUSE Security Update : libssh (openSUSE-2019-806)

This update for libssh fixes the following issues : - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

9.1 CVSS, 7.5 AI score, 0.78329 EPSS
Exploits 10, References 2
The Hacker News
added 2019/03/19 10:27 a.m., 145 views

Libssh Releases Update to Patch 9 New Security Vulnerabilities

Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Re...

9.3 CVSS, 2.9 AI score, 0.16241 EPSS
Exploits 0
Packet Storm
added 2019/02/03 12:0 a.m., 186 views

LibSSH 0.7.6 / 0.8.4 Unauthorized Access

!/usr/bin/env python3 import sys import paramiko import socket import logging pip3 install paramiko==2.0.8 logging.basicConfigstream=sys.stdout, level=logging.DEBUG logging.basicConfigstream=sys.stdout bufsize = 2048 def executehostname, port, command: sock = socket.socket try:...

6.4 CVSS, 1.1 AI score, 0.78329 EPSS
Exploits 10
OSV
added 2019/01/20 12:2 a.m., 4 views

MGASA-2019-0043 Updated libssh packages fix security vulnerability

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully...

9.1 CVSS, 9.4 AI score, 0.78329 EPSS
Exploits 10, References 5
Mageia
added 2019/01/20 12:2 a.m., 38 views

Updated libssh packages fix security vulnerability

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully...

9.1 CVSS, 5 AI score, 0.78329 EPSS
Exploits 10, References 4
Tenable Nessus
added 2019/01/03 12:0 a.m., 50 views

Fedora 28 : libssh (2018-c08cd808d3)

Update to version 0.8.4 to address CVE-2018-10933 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

9.1 CVSS, 7.6 AI score, 0.78329 EPSS
Exploits 10, References 2
Tenable Nessus
added 2019/01/03 12:0 a.m., 34 views

Fedora 29 : libssh (2018-6b390ceb36)

Update to version 0.8.4 to fix CVE-2018-10933 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

9.1 CVSS, 7.6 AI score, 0.78329 EPSS
Exploits 10, References 2
Tenable Nessus
added 2019/01/02 12:0 a.m., 37 views

SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2018:3162-1)

This update for libssh fixes the following issues : CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and...

9.1 CVSS, 7.6 AI score, 0.78329 EPSS
Exploits 10, References 4
IBM Security Bulletins
added 2018/12/05 10:20 p.m., 55 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u

Summary AT&T has released versions 1801-s, 1801-t and 1801-u for the Vyatta 5600. Details of this release can be found at https://console.bluemix.net/docs/infrastructure/virtual-router-appliance/vyatta-5600-security-fixes.html#at-t-vyatta-5600-vrouter-software-patches Vulnerability Details CVEID:...

9.8 CVSS, 0.7 AI score, 0.78329 EPSS
Exploits 18, Affected Software 1
OpenVAS
added 2018/12/04 12:0 a.m., 11 views

Ubuntu: Security Advisory (USN-3795-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 3
Tenable Nessus
added 2018/11/30 12:0 a.m., 9 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libssh regression (USN-3795-3)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3795-3 advisory. USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Tenabl...

5.5 AI score
Exploits 0, References 1
Ubuntu
added 2018/11/29 2:42 p.m., 41 views

USN-3795-3: libssh regression

USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this...

5.6 AI score
Exploits 0, References 1