FreeBSD : libssh -- PRNG state reuse on forking servers (f8c88d50-5fb3-11e4-81bd-5453ed2e2b49)

Aris Adamantiadis reports : When accepting a new connection, the server forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guaranteed to be unique...

OpenSSH 6.6 SFTP (x64) - Command Execution

OpenSSH 6.6 SFTP x64 - Command Execution define GNUSOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines. include include include include include include...

GLSA-201408-03 : LibSSH: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201408-03 LibSSH: Information disclosure A new connection inherits the state of the PRNG without re-seeding with random data. Impact : Servers using ECC ECDSA or DSA certificates in non-deterministic mode may under certain...

LibSSH: Information disclosure

Background LibSSH is a C library providing SSHv2 and SSHv1. Description A new connection inherits the state of the PRNG without re-seeding with random data. Impact Servers using ECC ECDSA or DSA certificates in non-deterministic mode may under certain conditions leak their private key. Workaround...

openSUSE Security Update : libssh (openSUSE-SU-2012:1622-1)

This update of libssh fixed various memory management issues that could have security implications Code execution, Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : libssh (openSUSE-SU-2014:0366-1)

libssh was updated to fix a random generator reseeding issue when forking multiple servers. Forking multiple servers might under some circumstances get them the same random seed state. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

openSUSE Security Update : libssh (openSUSE-SU-2012:1620-1)

This update of libssh fixed various memory management issues that could have security implications Code execution, Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Security fix for the ALT Linux 8 package libssh version 0.6.3-alt1

March 25, 2014 Sergey V Turchin 0.6.3-alt1 - new version - security fixes: CVE-2014-0017, CVE-2014-0017...

Security fix for the ALT Linux 9 package libssh version 0.6.3-alt1

March 25, 2014 Sergey V Turchin 0.6.3-alt1 - new version - security fixes: CVE-2014-0017, CVE-2014-0017...

Security fix for the ALT Linux 7 package libssh version 0.6.3-alt1

March 25, 2014 Sergey V Turchin 0.6.3-alt1 - new version - security fixes: CVE-2014-0017, CVE-2014-0017...

Fedora 19 : libssh-0.6.3-1.fc19 (2014-3485)

Fix CVE-2014-0017. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Netwo...

Ubuntu Update for libssh USN-2145-1

Check for the Version of libssh OpenVAS Vulnerability Test $Id: gbubuntuUSN21451.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for libssh USN-2145-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...

Fedora Update for libssh FEDORA-2014-3485

Check for the Version of libssh OpenVAS Vulnerability Test Fedora Update for libssh FEDORA-2014-3485 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Ubuntu: Security Advisory (USN-2145-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for libssh FEDORA-2014-3485

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 19 Update: libssh-0.6.3-1.fc19

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

DEBIAN-CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

Cross site request forgery (csrf)

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...