EUVD-2016-0800

Malware in sbrugna...

EUVD-2016-0763

Malware in sbrugna...

Weak Diffie-Hellman Handshake Due To Truncated Secret Length

libssh2 is vulnerable to weak handshakes. The vulnerability happens because diffiehellmansha256 function in kex.c in libssh2 generates secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing the attackers to intercept or decrypt SSH sessions using bits/bytes confusion bug...

GLSA-201606-12 : libssh and libssh2: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-12 libssh and libssh2: Multiple vulnerabilities libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange...

DEBIAN-CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

UBUNTU-CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

Mageia: Security Advisory (MGASA-2016-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

lib32-libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

libssh: man-in-the-middle

libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits...