CVE-2020-11940
In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library...
CVE-2020-11939
CVE-2020-11939 affects nDPI (up to 3.2 Stable) where the SSH protocol dissector exposes multiple KEXINIT integer overflows. The underlying issue is a heap overflow in concat_hash_string in ssh.c, enabling an attacker to remotely influence heap layout and memory contents. The documented impact sta...
CVE-2020-11939
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...
Poorly Secured Docker Image Comes Under Rapid Attack
In a vivid example of why cloud infrastructure needs strong security, a simple Docker container honeypot was used for four different criminal campaigns in the span of 24 hours, in a recent lab test. Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it...
OpenSSH now supports FIDO U2F security keys for 2-factor authentication
Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell SSH Protocol, yesterday announced th...
Huawei GaussDB Detection Consolidation
Consolidation of Huawei GaussDB detections. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[ASA-201910-11] go-pie: denial of service
Arch Linux Security Advisory ASA-201910-11 ========================================== Severity: Medium Date : 2019-10-21 CVE-ID : CVE-2019-17596 Package : go-pie Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1051 Summary ======= The package go-pie before version...
CentOS 7 : openssh (CESA-2019:2143)
An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
openSUSE Security Update : putty (openSUSE-2019-1985)
This update for putty fixes the following issues : Update to new upstream release 0.72 boo1144547, boo1144548 - Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. - Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFT...
openSUSE: Security Advisory for Recommended (openSUSE-SU-2019:1985-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855)
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The vulnerability concerns library libssh2 that is a library that implements the SSH2 protocol. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: libssh2 coul...
CentOS 6 : libssh2 (CESA-2019:1652)
An update for libssh2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
libssh2 security update
CentOS Errata and Security Advisory CESA-2019:1652 An update for libssh2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
PuTTY (European Commission - DIGIT): Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
Summary: There's no check in ssh1loginprocessqueue function when read servkey and hostkey length from packet which may cause heap overflow. Remote code execution may be possible. Steps To Reproduce: 1. To test this issue, I downloaded openssl6.8 to compile to craft packets, using below command to...
Oracle Linux 7 : libssh2 (ELSA-2019-0679)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0679 advisory. - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix integer overflow in SSH packet processing...
36-Year-Old SCP Clients' Implementation Flaws Discovered
A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol (SCP), also known as...
CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Mitigation This issue only affects the user...