Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)

Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...

Linux Distros Unpatched Vulnerability : CVE-2023-46445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a Rogue Extension...

TencentOS Server 4: python-asyncssh (TSSA-2024:1054)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1054 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Vulnerabilities fixed in Docker Desktop

Vulnerabilities have been fixed in Docker Desktop. A malicious party can exploit the vulnerabilities to execute arbitrary code in the context of the Desktop application. Since the Docker Desktop is mostly used by developers, it cannot be ruled out that the execution of arbitrary code can take pla...

K000138576: Python-asyncssh vulnerability CVE-2023-46445

Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation." CVE-2023-46445 Impact There is no impact; F5 products are not affected by this vulnerability...

DEBIAN-CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

Design/Logic Flaw

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

UBUNTU-CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

SUSE CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

Rogue Extension Negotiation

asyncssh is vulnerable to Rogue Extension Negotiation. The vulnerability is caused by an implementation flaw in the AsyncSSH server implementation which leads to an injection of an extension info message chosen by the attacker via a man-in-the-middle attack. This is achieved by downgrading the...

AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

Vulnerabilities fixed in Mozilla Firefox and Thunderbird

Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure. Remote code execution User rights Spoofi...

Bogus Chat GPT extension takes over Facebook accounts

If youre particularly intrigued by the current wave of interest in AI, take care. Theres some bad things lurking in search engine results waiting to compromise your Facebook account. A rogue Chrome extension deployed in a campaign targeting Facebook users is "hitting thousands a day" according to...

Client Side Threats & How Could Website Owners Mitigate Them?

Have you ever browsed a website with complete confidence that your data is protected? We tend to trust websites with some of our most valuable assets, such as personal information or credit card data. While owners of these websites might consider the protection of our data a top priority, we stil...