Lucene search
+L

94 matches found

Gentoo Linux
Gentoo Linux
added 2020/04/10 12:0 a.m.30 views

libssh: Denial of service

Background libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. Description It was discovered that libssh could crash when AES-CTR ciphers are used. Impact A remote attacker running a malicious client or server could possibly crash the counterpart...

5.3CVSS3.8AI score0.03065EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/10 12:0 a.m.22 views

SUSE SLES12 Security Update : libssh (SUSE-SU-2020:0968-1)

This update for libssh fixes the following issues : CVE-2020-1730: Fixed a possible denial of service when using AES-CTR bsc1168699. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

5.3CVSS7.2AI score0.03065EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/04/10 12:0 a.m.30 views

Ubuntu 18.04 LTS : libssh vulnerability (USN-4327-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4327-1 advisory. Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a...

5.3CVSS7.2AI score0.03065EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/04/10 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-4327-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.8AI score0.03065EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/04/09 12:11 p.m.63 views

USN-4327-1: libssh vulnerability

Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service...

5.3CVSS7.2AI score0.03065EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/09 11:15 a.m.39 views

CVE-2020-1730

A flaw was found in the way libssh handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system...

5.3CVSS1.2AI score0.03065EPSS
Exploits0References4
OSV
OSV
added 2020/04/09 9:42 a.m.6 views

SUSE-SU-2020:0968-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR bsc1168699...

5.3CVSS5.9AI score0.03065EPSS
Exploits0References3
OSV
OSV
added 2020/04/09 9:41 a.m.9 views

SUSE-SU-2020:0967-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR bsc1168699...

5.3CVSS5.9AI score0.03065EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/04/09 9:0 a.m.29 views

CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3CVSS6.7AI score0.03065EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2020/04/09 12:0 a.m.41 views

[ASA-202004-11] libssh: denial of service

Arch Linux Security Advisory ASA-202004-11 ========================================== Severity: Medium Date : 2020-04-09 CVE-ID : CVE-2020-1730 Package : libssh Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1130 Summary ======= The package libssh before version...

5.3CVSS1.7AI score0.03065EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2020/01/25 12:0 a.m.32 views

Client/server denial of service when handling AES-CTR ciphers

The libssh team reports originally reported by Yasheng Yang from Google: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connectio...

5.3CVSS1.7AI score0.03065EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2018/06/30 9:29 a.m.65 views

Researchers Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2008/11/20 12:0 a.m.155 views

OpenSSH CBC模式信息泄露漏洞

BUGTRAQ ID: 32319 OpenSSH是一种开放源码的SSH协议的实现,初始版本用于OpenBSD平台,现在已经被移植到多种Unix/Linux类操作系统下。 如果配置为CBC模式的话,OpenSSH没有正确地处理分组密码算法加密的SSH会话中所出现的错误,导致可能泄露密文中任意块最多32位纯文本。在以标准配置使用OpenSSH时,攻击者恢复32位纯文本的成功概率为2^-18,此外另一种攻击变种恢复14位纯文本的成功概率为2^-14。 OpenSSH OpenSSH 4.7p1 SSH Communications Security Tectia Server 6.x SSH...

6.9AI score
Exploits0
UbuntuCve
UbuntuCve
added 2008/11/19 5:30 p.m.39 views

CVE-2008-5161

Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...

3.7CVSS6.8AI score0.15395EPSS
Exploits1References2
Rows per page
Query Builder