
320 matches found

ThreatPost
added 2020/04/16 9:51 p.m. | 70 views

Poorly Secured Docker Image Comes Under Rapid Attack

In a vivid example of why cloud infrastructure needs strong security, a simple Docker container honeypot was used for four different criminal campaigns in the span of 24 hours, in a recent lab test. Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it...

7.4 AI score
Exploits: 0 | References: 13

The Hacker News
added 2020/02/17 5:18 p.m. | 60 views

OpenSSH now supports FIDO U2F security keys for 2-factor authentication

Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell SSH Protocol, yesterday announced th...

1 AI score
Exploits: 0

OpenVAS
added 2020/01/15 12:0 a.m. | 56 views

Huawei GaussDB Detection Consolidation

Consolidation of Huawei GaussDB detections. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Exploits: 0 | References: 1

ArchLinux
added 2019/10/21 12:0 a.m. | 34 views
[ASA-201910-11] go-pie: denial of service

Arch Linux Security Advisory ASA-201910-11 ========================================== Severity: Medium Date : 2019-10-21 CVE-ID : CVE-2019-17596 Package : go-pie Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1051 Summary ======= The package go-pie before version...

7.5 CVSS | 1.5 AI score | 0.04693 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2019/08/30 12:0 a.m. | 177 views

CentOS 7 : openssh (CESA-2019:2143)

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.9 CVSS | 6.7 AI score | 0.98631 EPSS
Exploits: 23 | References: 2

Tenable Nessus
added 2019/08/23 12:0 a.m. | 11 views

openSUSE Security Update : putty (openSUSE-2019-1985)

This update for putty fixes the following issues : Update to new upstream release 0.72 boo1144547, boo1144548 - Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. - Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFT...

5.5 AI score
Exploits: 0 | References: 2

OpenVAS
added 2019/08/22 12:0 a.m. | 20 views

openSUSE: Security Advisory for Recommended (openSUSE-SU-2019:1985-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0 | References: 2

IBM Security Bulletins
added 2019/07/19 4:30 p.m. | 35 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerability. The vulnerability concerns library libssh2 that is a library that implements the SSH2 protocol. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: libssh2 coul...

9.3 CVSS | 2.1 AI score | 0.09219 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2019/07/05 12:0 a.m. | 52 views

CentOS 6 : libssh2 (CESA-2019:1652)

An update for libssh2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.3 CVSS | 7.1 AI score | 0.09219 EPSS
Exploits: 0 | References: 5

Cent OS
added 2019/07/03 5:0 p.m. | 654 views

libssh2 security update

CentOS Errata and Security Advisory CESA-2019:1652 An update for libssh2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.3 CVSS | 7.1 AI score | 0.09219 EPSS
Exploits: 0 | References: 7

Hacker One
added 2019/06/27 6:55 a.m. | 33 views

PuTTY (European Commission - DIGIT): Heap overflow happen when receiving short length key from ssh server using ssh protocol 1

Summary: There's no check in ssh1_login_process_queue function when read servkey and hostkey length from packet which may cause heap overflow. Remote code execution may be possible. Steps To Reproduce: 1. To test this issue, I downloaded openssl6.8 to compile to craft packets, using below command to...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2019/03/29 12:0 a.m. | 37 views

Oracle Linux 7 : libssh2 (ELSA-2019-0679)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0679 advisory. - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix integer overflow in SSH packet processing...

9.3 CVSS | 7.2 AI score | 0.09219 EPSS
Exploits: 0 | References: 5

The Hacker News
added 2019/01/15 12:32 p.m. | 252 views

36-Year-Old SCP Clients' Implementation Flaws Discovered

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol SCP implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol SCP, also known as...

6.8 CVSS | 0.58204 EPSS
Exploits: 10

RedhatCVE
added 2019/01/15 12:51 a.m. | 47 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

6.8 CVSS | 1.8 AI score | 0.03807 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2019/01/15 12:50 a.m. | 116 views

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Mitigation This issue only affects the user...

6.8 CVSS | 2.2 AI score | 0.20906 EPSS
Exploits: 8 | References: 2

RedhatCVE
added 2019/01/14 2:49 a.m. | 68 views

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Mitigation This issue only affects the users of scp binary which...

5.3 CVSS | 3.4 AI score | 0.03681 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2018/10/17 12:0 a.m. | 1480 views

SSH Protocol Authentication Bypass (Remote Exploit Check)

The remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication. Note: This vulnerability was disclosed in a libssh advisor...

9.1 CVSS | 7.6 AI score | 0.91789 EPSS
Exploits: 10 | References: 5

Gentoo Linux
added 2018/10/06 12:0 a.m. | 594 views

OpenSSH: User enumeration vulnerability

Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description It was discovered that OpenSSH was prone to a user enumeration vulnerability. Impact A remote attacker could conduct user enumeration. Workaround There is no known workaround at...

5.3 CVSS | 3 AI score | 0.98631 EPSS
Exploits: 23

Debian
added 2018/09/10 8:44 a.m. | 171 views

[SECURITY] [DLA 1500-1] openssh security update

Package : openssh Version : 1:6.7p1-5+deb8u6 CVE ID : CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-1908 CVE-2016-3115 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2017-15906 Debian Bug : 790798 793616 795711 848716 848717 Several vulnerabilitie...

9.8 CVSS | 7.1 AI score | 0.57667 EPSS
Exploits: 26

OpenVAS
added 2018/09/09 12:0 a.m. | 72 views

Debian: Security Advisory (DLA-1500-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS | 7.1 AI score | 0.57667 EPSS
Exploits: 26 | References: 3