Astra Linux – Vulnerability in libssh

A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2024-0052)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - The RANDbytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator PRNG,...

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2021-0069)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could...

Oracle Linux 8 : libssh (ELSA-2020-4545)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4545 advisory. - Add a test for CVE-2019-14889 - Fixed CVE-2019-14889 1781782 - Fixed CVE-2020-1730 1802422 Tenable has extracted the preceding description block...

Vulnerability of the ssh_scp_new() function in the libssh library, allowing a hacker to execute arbitrary code

The vulnerability of the sshscpnew function in the libssh library is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2019-14889

A flaw was found with the libssh API function sshscpnew. A user able to connect to a server using SCP could execute arbitrary command using a user-provided path, leading to a compromise of the remote target...

Arbitrary Code Execution

libssh.so is vulnerable to arbitrary code execution. When SCP client connects to a server, the function sshscpnew executed unsanitized scp-location parameter provided by the user, allowing a malicious user to inject arbitrary command through it...

CVE-2019-14889

A flaw was found with the libssh API function sshscpnew in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVE-2019-14889

The CVE-2019-14889 flaw affects libssh where the API function ssh_scp_new() can be misused when the third parameter is user-controlled. Versions before 0.9.3 and before 0.8.8 are vulnerable: during SCP client-server interaction the server may execute a scp command that includes a user-provided pa...

CVE-2019-14889

A flaw was found with the libssh API function sshscpnew in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...