libssh -- PRNG state reuse on forking servers
Aris Adamantiadis reports: When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid()) to the PRNG state, which is not guaranteed to be unique...
GLSA-201402-26 : libssh: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201402-26 (libssh: Arbitrary code execution). Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact: A remote attacker could possibly execute arbitrary code with the...
libssh: Arbitrary code execution
Background: libssh is a C library providing SSHv2 and SSHv1. Description: Multiple buffer overflow, double free, and integer overflow vulnerabilities have been discovered in libssh. Impact: A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial o...
Mandriva Linux Security Advisory : libssh (MDVSA-2013:045)
Updated libssh packages fix security vulnerabilities: Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution (CVE-2012-4559,...
Slackware 14.0 / current : libssh (SSA:2013-087-01)
New libssh packages are available for Slackware 14.0, and -current to fix a security issue. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-087-01. The text itself is copyright (C)...
libssh
New libssh packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/libssh-0.5.4-i486-1slack14.0.txz: Upgraded. This update fixes a possible denial of service issue. For more information, see:...
SuSE Update for update openSUSE-SU-2012:1620-1 (update)
Check for the Version of update OpenVAS Vulnerability Test $Id: gbsuse201216201.nasl 8456 2018-01-18 06:58:40Z teissa $ SuSE Update for update openSUSE-SU-2012:1620-1 update Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program ...
openSUSE: Security Advisory for update (openSUSE-SU-2012:1620-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Linux Security Advisory : libssh (MDVSA-2013:009)
A vulnerability has been found and corrected in libssh: The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key Exchange...
CVE-2013-0176
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...
DEBIAN-CVE-2013-0176
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...
Null pointer dereference
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet...
CVE-2013-0176
The CVE-2013-0176 issue affects libssh prior to 0.5.4, where the publickey_from_privatekey function can trigger a NULL pointer dereference and crash when no algorithm is matched during Diffie-Hellman negotiation, allowing a remote denial of service. Several connected advisories confirm the vulner...
Fedora 17 : libssh-0.5.4-1.fc17 (2013-1422)
Fixed NULL dereference leads to denial of service - CVE-2013-0176, several NULL pointer dereferences in SSHv1, a free crash bug in options parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora Update for libssh FEDORA-2013-1422
Check for the Version of libssh OpenVAS Vulnerability Test Fedora Update for libssh FEDORA-2013-1422 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for libssh FEDORA-2013-1407
Check for the Version of libssh OpenVAS Vulnerability Test Fedora Update for libssh FEDORA-2013-1407 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
libssh DoS
Crash on connection negotiation...
[USN-1707-1] libssh vulnerability
========================================================================== Ubuntu Security Notice USN-1707-1 January 28, 2013 libssh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...