821 matches found
EulerOS 2.0 SP1 : libssh2 (EulerOS-SA-2016-1005)
According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchan...
Denial Of Service (DoS)
libssh2 is vulnerable to denial of service DoS attacks and other attacks. kexagreemethods function in libssh2 reads incoming SSHMSGKEXINIT packet data without a proper range checking of length values, thereby allowing remote servers to cause a denial of service by using malicious SSHMSGKEXINIT...
Weak Diffie-Hellman Handshake Due To Truncated Secret Length
libssh2 is vulnerable to weak handshakes. The vulnerability happens because diffiehellmansha256 function in kex.c in libssh2 generates secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing the attackers to intercept or decrypt SSH sessions using bits/bytes confusion bug...
MGASA-2016-0392 Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
F5 Networks BIG-IP : libssh2 vulnerability (K21531693)
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a 'bits/bytes confusion bug.' CVE-2016-0787 C Tenable Network...
GLSA-201606-12 : libssh and libssh2: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201606-12 libssh and libssh2: Multiple vulnerabilities libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange...
IBM Security Network Protection Multiple Vulnerabilities
IBM Security Network Protection is prone to multiple vulnerabilities. 1. IBM Security Network Protection uses Kerberos krb5 to provide network authentication. The Kerberos krb5 version that is shipped with IBM Security Network Protection contains multiple security vulnerabilities. 2. The libssh2...
Amazon Linux: Security Advisory (ALAS-2016-683)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libssh2 diffie_hellman_sha256 information disclosure vulnerability
libssh2 is a client-side C library that implements the SSH2 protocol. An information disclosure vulnerability exists in libssh2 diffiehellmansha256, which can be exploited by an attacker to decrypt or intercept SSH sessions...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
DEBIAN-CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
ALPINE-CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The CVE-2016-0787 entry concerns libssh2 (before 1.7.0) where the diffie_hellman_sha256 function truncates ephemeral DH secrets to 128 or 256 bits, enabling potential man-in-the-middle decryption/interception of SSH sessions. Root cause: truncated DH secret length. Impact: weakened SSH handshake ...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
CVE-2016-0787
The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
Amazon Linux AMI : libssh2 (ALAS-2016-683)
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. C Tenable Network Security, Inc. Th...