
209 matches found

OSV
added 2024/02/05 1:2 p.m., 2 views

USN-6592-2 libssh vulnerabilities

USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this...

CVSS 5.3, AI score 7, EPSS 0.01421
Exploits 0, References 3

Ubuntu
added 2024/02/05 1:2 p.m., 374 views

USN-6592-2: libssh vulnerabilities

USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this...

CVSS 5.3, AI score 7, EPSS 0.01421
Exploits 0

Tenable Nessus
added 2024/02/05 12:0 a.m., 39 views

Ubuntu 16.04 ESM / 18.04 ESM : libssh vulnerabilities (USN-6592-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-2 advisory. USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable...

CVSS 5.3, AI score 6.4, EPSS 0.01421
Exploits 0, References 3

OpenVAS
added 2024/01/23 12:0 a.m., 23 views

Ubuntu: Security Advisory (USN-6592-1)

The remote host is missing an update for the...

CVSS 5.3, AI score 5.8, EPSS 0.01421
Exploits 0, References 2

Ubuntu
added 2024/01/22 1:5 p.m., 309 views

USN-6592-1: libssh vulnerabilities

It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. CVE-2023-6004 It was discovered that libssh incorrectl...

CVSS 5.3, AI score 6.8, EPSS 0.01421
Exploits 0

Tenable Nessus
added 2024/01/22 12:0 a.m., 51 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libssh vulnerabilities (USN-6592-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-1 advisory. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possib...

CVSS 5.3, AI score 7.1, EPSS 0.01421
Exploits 0, References 3

Tenable Nessus
added 2024/01/19 12:0 a.m., 36 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libssh (SUSE-SU-2024:0140-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0140-1 advisory. - A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This...

CVSS 6.5, AI score 7.1, EPSS 0.94072
Exploits 6, References 16

OSV
added 2024/01/03 5:15 p.m., 48 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 5.8, EPSS 0.00449
Exploits 0, References 8

NVD
added 2024/01/03 5:15 p.m., 28 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 5.7, EPSS 0.00449
Exploits 0, References 8

UbuntuCve
added 2024/01/03 5:15 p.m., 49 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 6.7, EPSS 0.00449
Exploits 0, References 5

Prion
added 2024/01/03 5:15 p.m., 23 views

Command injection

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.1, AI score 7, EPSS 0.00449
Exploits 0, References 5, Affected Software 3

Vulnrichment
added 2024/01/03 5:1 p.m., 2 views

CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 6.1, EPSS 0.00449
Exploits 0, References 5

AlpineLinux
added 2024/01/03 5:1 p.m., 38 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 5.9, EPSS 0.00449
Exploits 0

Cvelist
added 2024/01/03 5:1 p.m., 21 views

CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 6, EPSS 0.00449
Exploits 0, References 5

CVE
added 2024/01/03 5:1 p.m., 482 views

CVE-2023-6004

CVE-2023-6004 is a libssh vulnerability where ProxyCommand/ProxyJump can be abused to inject malicious code via the hostname parameter due to unchecked hostname syntax. Multiple advisories (AlmaLinux ALSA-2024:3233/2504, Cloud Foundry USN-6592-1) confirm libssh security updates and provide remedi...

CVSS 4.8, AI score 5.6, EPSS 0.00449
Exploits 0, References 8, Affected Software 1

Debian CVE
added 2024/01/03 5:1 p.m., 58 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

CVSS 4.8, AI score 6.5, EPSS 0.00449
Exploits 0

Tenable Nessus
added 2023/12/27 12:0 a.m., 46 views

GLSA-202312-16 : libssh: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202312-16 libssh: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are...

CVSS 5.9, AI score 7.2, EPSS 0.94072
Exploits 4, References 5

GithubExploit
added 2023/12/26 9:1 a.m., 321 views

Exploit for OS Command Injection in Openbsd Openssh

CVE-2023-51385 poc OpenSSH ProxyCommand RCE poc OpenSSH...

CVSS 6.5, AI score 6.9, EPSS 0.19753
Exploits 7

Veracode
added 2023/12/21 9:16 a.m., 30 views

Command Injection

libssh.so is vulnerable to Command Injection. The vulnerability is due to insufficient validation of the hostname parameter in the URI parsing process. This allows attackers to use ProxyCommand or the ProxyJump features to exploit and inject malicious code via the unchecked hostname parameter on...

CVSS 4.8, AI score 7, EPSS 0.00449
Exploits 0, References 9, Affected Software 2

Hacker One
added 2023/12/20 10:5 p.m., 48 views

Internet Bug Bounty: Command Injection using malicious hostname in expanded proxycommand

A vulnerability in the handling of ProxyCommand and ProxyJump hostname parameters in libssh versions 0.10.x, 0.9.x and 0.8.x was reported. The issue enables malicious code injection through unchecked hostname syntax. User interaction is required for exploitation...

CVSS 4.8, AI score 6.2, EPSS 0.00449
Exploits 0