CVE-2014-0017

CVE-2014-0017 affects libssh prior to 0.6.3 where RAND_bytes state is not re-seeded after fork, causing PRNG state to be shared between child processes. This can lead to leakage of private keys for servers using ECC (ECDSA) or DSA certificates under certain conditions. The issue is resolved by up...

CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

Mandriva Linux Security Advisory : libssh (MDVSA-2014:053)

Updated libssh package fixes security vulnerability : When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current...

Debian DSA-2879-1 : libssh - security update

It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly...

[SECURITY] [DSA 2879-1] libssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2879-1 [email protected] http://www.debian.org/security/ Raphael Geissert March 13, 2014 http://www.debian.org/security/faq -...

Ubuntu 12.04 LTS / 12.10 / 13.10 : libssh vulnerability (USN-2145-1)

Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks. Note that Tenable Network Security has extracted the...

Debian Security Advisory DSA 2879-1 (libssh - security update)

It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly...

libssh PRNG attacks

It may be possible to discover PRNG state...

[USN-2145-1] libssh vulnerability

========================================================================== Ubuntu Security Notice USN-2145-1 March 12, 2014 libssh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

DSA-2879-1 libssh - security update

Bulletin has no description...

USN-2145-1: libssh vulnerability

Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks...

Fedora Update for libssh FEDORA-2014-3473

Check for the Version of libssh OpenVAS Vulnerability Test Fedora Update for libssh FEDORA-2014-3473 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Fedora Update for libssh FEDORA-2014-3473

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-2879-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Libssh随机号码生成器漏洞(CVE-2014-0017)

BUGTRAQ ID: 65963 CVECAN ID: CVE-2014-0017 libssh 是一个用以访问SSH服务的C语言开发包，通过它可以执行远程命令、文件传输，同时为远程的程序提供安全的传输通道。 Libssh 0.6.3之前版本工作流处理新请求时没有正确初始化PRNG状态，攻击者通过中间人攻击，利用此漏洞可获取并操纵用户的通讯。 0 libssh libssh 0.6.3 厂商补丁： libssh ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Fedora 20 : libssh-0.6.3-1.fc20 (2014-3473)

Fix CVE-2014-0017. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Netwo...

Updated libssh package fixes security vulnerability

When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guarante...

MGASA-2014-0119 Updated libssh package fixes security vulnerability

When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guarante...

CVE-2014-0017

The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG, which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...