1838 matches found
Fedora Update for libssh FEDORA-2014-3473
Check for the Version of libssh OpenVAS Vulnerability Test Fedora Update for libssh FEDORA-2014-3473 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for libssh FEDORA-2014-3473
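The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Libssh Random Number Generator Vulnerability (CVE-2014-0017)
BUGTRAQ ID: 65963 CVECAN ID: CVE-2014-0017 libssh is a C library for accessing SSH services; it can be used to execute remote commands and transfer files, and it provides a secure transport channel for remote programs. In libssh versions before 0.6.3, the PRNG state is not properly initialized when the workflow handles a new request; an attacker can exploit this vulnerability through a man-in-the-middle attack to obtain and manipulate users' communications. 0 libssh libssh 0.6.3 Vendor patch: libssh ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...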
Fedora 20 : libssh-0.6.3-1.fc20 (2014-3473)
Fix CVE-2014-0017. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 (C) Tenable Netwo...
MGASA-2014-0119 Updated libssh package fixes security vulnerability
When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guarante...
Updated libssh package fixes security vulnerability
When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guarante...
CVE-2014-0017
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...
libssh -- PRNG state reuse on forking servers
Aris Adamantiadis reports: When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique...
GLSA-201402-26 : libssh: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201402-26 libssh: Arbitrary code execution Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact : A remote attacker could possibly execute arbitrary code with the...
libssh: Arbitrary code execution
Background libssh is a C library providing SSHv2 and SSHv1. Description Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial o...
Mandriva Linux Security Advisory : libssh (MDVSA-2013:045)
Updated libssh packages fix security vulnerabilities : Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution CVE-2012-4559,...
Slackware 14.0 / current : libssh (SSA:2013-087-01)
New libssh packages are available for Slackware 14.0, and -current to fix a security issue. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-087-01. The text itself is copyright (C)...
libssh
New libssh packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/libssh-0.5.4-i486-1slack14.0.txz: Upgraded. This update fixes a possible denial of service issue. For more information, see:...
openSUSE: Security Advisory for update (openSUSE-SU-2012:1620-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SuSE Update for update openSUSE-SU-2012:1620-1 (update)
Check for the Version of update OpenVAS Vulnerability Test $Id: gbsuse201216201.nasl 8456 2018-01-18 06:58:40Z teissa $ SuSE Update for update openSUSE-SU-2012:1620-1 update Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program ...
Mandriva Linux Security Advisory : libssh (MDVSA-2013:009)
A vulnerability has been found and corrected in libssh : The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key Exchange...
DEBIAN-CVE-2013-0176
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...
CVE-2013-0176
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...
CVE-2013-0176
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...
Null pointer dereference
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...