
9 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in libssh

A flaw was discovered in the libssh API function ssh_scp_new, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

CVSS 9.3, AI score 6.9, EPSS 0.01122
Exploits 0, References 2
Tenable Nessus
added 2024/09/10 12:0 a.m., 16 views

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2024-0052)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG),...

CVSS 9.3, AI score 7.5, EPSS 0.78329
Exploits 12, References 13
Tenable Nessus
added 2021/03/10 12:0 a.m., 35 views

NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2021-0069)

The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could...

CVSS 9.3, AI score 6.7, EPSS 0.01122
Exploits 0, References 3
Tenable Nessus
added 2020/11/12 12:0 a.m., 44 views

Oracle Linux 8 : libssh (ELSA-2020-4545)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4545 advisory. - Add a test for CVE-2019-14889 - Fixed CVE-2019-14889 1781782 - Fixed CVE-2020-1730 1802422 Tenable has extracted the preceding description block...

CVSS 9.3, AI score 6.7, EPSS 0.01122
Exploits 0, References 3
RedhatCVE
added 2020/04/07 5:3 p.m., 26 views

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new. A user able to connect to a server using SCP could execute arbitrary commands using a user-provided path, leading to a compromise of the remote target...

CVSS 9.3, AI score 2.9, EPSS 0.01122
Exploits 0, References 4
Veracode
added 2019/12/11 4:7 a.m., 34 views

Arbitrary Code Execution

libssh.so is vulnerable to arbitrary code execution. When an SCP client connects to a server, the function ssh_scp_new executes the unsanitized scp-location parameter provided by the user, allowing a malicious user to inject arbitrary commands through it...

CVSS 8.8, AI score 3.7, EPSS 0.01122
Exploits 0, References 13, Affected Software 2
Debian CVE
added 2019/12/10 12:0 a.m., 26 views

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 9.3, AI score 6.5, EPSS 0.01122
Exploits 0
Cvelist
added 2019/12/10 12:0 a.m., 16 views

CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 7.1, AI score 8.1, EPSS 0.01122
Exploits 0, References 11
CVE
added 2019/12/10 12:0 a.m., 565 views

CVE-2019-14889

The CVE-2019-14889 flaw affects libssh where the API function ssh_scp_new() can be misused when the third parameter is user-controlled. Versions before 0.9.3 and before 0.8.8 are vulnerable: during SCP client-server interaction the server may execute a scp command that includes a user-provided pa...

CVSS 9.3, AI score 8, EPSS 0.01122
Exploits 0, References 11, Affected Software 1