796 matches found
Denial Of Service (DoS)
libssh2.so is vulnerable to denial of service. A malicious server could send an SSH_MSG_CHANNEL_REQUEST packet with an exit signal message having a length of maximum unsigned integer value. This results in a length value of 1, which would cause a memory write out of bounds error or zero byte allocati...
Denial Of Service (DoS)
libssh2.so is vulnerable to denial of service. An integer overflow in the keyboard interactive handling allows a malicious server to crash the process: an unchecked integer leads to an out-of-bounds write error...
Denial Of Service (DoS)
libssh2.so is vulnerable to denial of service. A malicious server can cause a crash by sending a malicious packet that triggers an unchecked integer overflow, resulting in an out-of-bounds write error...
Slackware 14.2 / current : libssh2 (SSA:2019-077-01)
New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-077-01. The text itself is copyright (C) Slackware Linux, Inc...
[slackware-security] libssh2
New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libssh2-1.8.1-i586-1slack14.2.txz: Upgraded. Fixed several security issues. For more information, see:...
libssh2 Multiple Security Vulnerabilities
Description libssh2 is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. Technologies Affected Oracle Linux...
libssh2 -- multiple issues
libssh2 developers report: Defend against possible integer overflows in comp_method_zlib_decomp. Defend against writing beyond the end of the payload in _libssh2_transport_read. Sanitize padding_length - _libssh2_transport_read. This prevents an underflow resulting in a potential out-of-bounds read if a...
[SECURITY] [DSA 4377-3] rssh security update
Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - -...
Security Bulletin: Vulnerability in libssh2 affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0787)
Summary Vulnerability in libssh2 affects IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter. Vulnerability Details...
Security Bulletin: Vulnerability in libssh2 affects IBM Flex System Chassis Management Module (CVE-2016-0787)
Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerability in libssh2. Vulnerability Details CVE-ID: CVE-2016-0787 Description:...
Weak Diffie-Hellman Handshake Due To Truncated Secret Length
libssh2 is vulnerable to weak handshakes. The vulnerability occurs because the diffie_hellman_sha256 function in kex.c in libssh2 generates a secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing attackers to intercept or decrypt SSH sessions using a bits/bytes confusion bug...
Security Bulletin: A vulnerability in libssh2 affects PowerKVM (CVE-2016-0787)
Summary PowerKVM is affected by a vulnerability in libssh2. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a...
Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782)
Summary A vulnerability in libssh2 CVE-2015-1782 affects PowerKVM. Vulnerability Details CVEID: CVE-2015-1782 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an error in kex_agree_methods function. By sending a specially-craftedlity to cause the system to stop responding...
Security Bulletin: IBM Security Access Manager for Mobile is affected by a vulnerability in libssh2 (CVE-2016-0787)
Summary A vulnerability in libssh2 affects IBM Security Access Manager for Mobile. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amou...
Security Bulletin: libssh2 vulnerability affects IBM Identity Security Governance (CVE-2016-0787)
Summary A libssh2 could provide weaker than expected security vulnerability affects IBM Identity Security Governance Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting i...
Security Bulletin: A vulnerability in libssh2 affects IBM Security Network Protection (CVE-2016-0787)
Summary The libssh2 packages provide a library that implements the SSHv2 protocol. A security vulnerability has been discovered in libssh2 used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused...
EulerOS 2.0 SP1 : libssh2 (EulerOS-SA-2016-1005)
According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchan...
Denial Of Service (DoS)
libssh2 is vulnerable to denial of service (DoS) attacks and other attacks. The kex_agree_methods function in libssh2 reads incoming SSH_MSG_KEXINIT packet data without proper range checking of length values, thereby allowing remote servers to cause a denial of service by using malicious SSH_MSG_KEXINIT...
Weak Diffie-Hellman Handshake Due To Truncated Secret Length
libssh2 is vulnerable to weak handshakes. The vulnerability occurs because the diffie_hellman_sha256 function in kex.c in libssh2 generates a secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing attackers to intercept or decrypt SSH sessions using a bits/bytes confusion bug...
Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects the number of bits during the SSHv2 handshake, when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This significantly weakens the handshake security, potentially...