This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Libssh First view 2012-11-30
Product Libssh Last view 2020-04-13
Version 0.5.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:libssh:libssh

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2020-04-13 CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

8 2019-12-10 CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

9.1 2018-10-17 CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

5.9 2016-04-13 CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

7.5 2016-04-13 CVE-2015-3146

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

5 2014-12-28 CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

1.9 2014-03-14 CVE-2014-0017

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

4.3 2013-02-05 CVE-2013-0176

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

7.5 2012-11-30 CVE-2012-6063

Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.

7.5 2012-11-30 CVE-2012-4562

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.

5 2012-11-30 CVE-2012-4561

The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.

7.5 2012-11-30 CVE-2012-4560

Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.

6.8 2012-11-30 CVE-2012-4559

Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
30% (3) CWE-399 Resource Management Errors
10% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
10% (1) CWE-310 Cryptographic Issues
10% (1) CWE-287 Improper Authentication
10% (1) CWE-200 Information Exposure
10% (1) CWE-189 Numeric Errors
10% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

SAINT Exploits

Description Link
libssh authentication bypass More info here

OpenVAS Exploits

id Description
2012-12-10 Name : Fedora Update for libssh FEDORA-2012-18687
File : nvt/gb_fedora_2012_18687_libssh_fc16.nasl
2012-12-04 Name : Debian Security Advisory DSA 2577-1 (libssh)
File : nvt/deb_2577_1.nasl
2012-12-04 Name : Mandriva Update for libssh MDVSA-2012:175 (libssh)
File : nvt/gb_mandriva_MDVSA_2012_175.nasl
2012-11-29 Name : Fedora Update for libssh FEDORA-2012-18677
File : nvt/gb_fedora_2012_18677_libssh_fc17.nasl
2012-11-29 Name : Ubuntu Update for libssh USN-1640-1
File : nvt/gb_ubuntu_USN_1640_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c08cd808d3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6b390ceb36.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bca1c1ab49.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote Debian host is missing a security update.
File: debian_DLA-1548.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2383767cd22411e89623a4badb2f4699.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4322.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote server is vulnerable to an authentication bypass.
File: libssh_0_8_4_remote.nasl - Type: ACT_ATTACK
2018-10-17 Name: The remote server is vulnerable to an authentication bypass.
File: libssh_0_8_4.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-289-01.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL57255643.nasl - Type: ACT_GATHER_INFO
2016-07-26 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: securitycenter_5_4.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-12.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0566.nasl - Type: ACT_GATHER_INFO
2016-03-25 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-394.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-dc9e8da03c.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-328.nasl - Type: ACT_GATHER_INFO
2016-03-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6b3591eae2d211e5a6be5453ed2e2b49.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0625-1.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0622-1.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-d9f950c779.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-057-01.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3488.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-425.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2912-1.nasl - Type: ACT_GATHER_INFO
2015-10-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1707-2.nasl - Type: ACT_GATHER_INFO