Vulnerabilities > CVE-2013-0176 - Resource Management Errors vulnerability in Libssh
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-1422.NASL description Fixed NULL dereference leads to denial of service - CVE-2013-0176, several NULL pointer dereferences in SSHv1, a free crash bug in options parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-04 plugin id 64416 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64416 title Fedora 17 : libssh-0.5.4-1.fc17 (2013-1422) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-1422. # include("compat.inc"); if (description) { script_id(64416); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-0176"); script_xref(name:"FEDORA", value:"2013-1422"); script_name(english:"Fedora 17 : libssh-0.5.4-1.fc17 (2013-1422)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixed NULL dereference leads to denial of service - CVE-2013-0176, several NULL pointer dereferences in SSHv1, a free crash bug in options parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=894407" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?88ff6d65" ); script_set_attribute( attribute:"solution", value:"Update the affected libssh package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libssh"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"libssh-0.5.4-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-1407.NASL description Fixed NULL dereference leads to denial of service - CVE-2013-0176, several NULL pointer dereferences in SSHv1, a free crash bug in options parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-04 plugin id 64414 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64414 title Fedora 18 : libssh-0.5.4-1.fc18 (2013-1407) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-1407. # include("compat.inc"); if (description) { script_id(64414); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-0176"); script_xref(name:"FEDORA", value:"2013-1407"); script_name(english:"Fedora 18 : libssh-0.5.4-1.fc18 (2013-1407)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixed NULL dereference leads to denial of service - CVE-2013-0176, several NULL pointer dereferences in SSHv1, a free crash bug in options parsing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=894407" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b3e54893" ); script_set_attribute( attribute:"solution", value:"Update the affected libssh package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libssh"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"libssh-0.5.4-1.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-087-01.NASL description New libssh packages are available for Slackware 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 65724 published 2013-03-29 reporter This script is Copyright (C) 2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65724 title Slackware 14.0 / current : libssh (SSA:2013-087-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2013-087-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(65724); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2013/06/01 00:44:11 $"); script_cve_id("CVE-2013-0176"); script_bugtraq_id(57571); script_xref(name:"SSA", value:"2013-087-01"); script_name(english:"Slackware 14.0 / current : libssh (SSA:2013-087-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New libssh packages are available for Slackware 14.0, and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.339814 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a55e2250" ); script_set_attribute( attribute:"solution", value:"Update the affected libssh package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libssh"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"libssh", pkgver:"0.5.4", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"libssh", pkgver:"0.5.4", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"current", pkgname:"libssh", pkgver:"0.5.4", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libssh", pkgver:"0.5.4", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-009.NASL description A vulnerability has been found and corrected in libssh : The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key Exchange Init packet (CVE-2013-0176). The updated packages have been upgraded to the 0.5.4 version which is not affected by this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 64551 published 2013-02-11 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64551 title Mandriva Linux Security Advisory : libssh (MDVSA-2013:009) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:009. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(64551); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2013-0176"); script_bugtraq_id(57571); script_xref(name:"MDVSA", value:"2013:009"); script_name(english:"Mandriva Linux Security Advisory : libssh (MDVSA-2013:009)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in libssh : The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key Exchange Init packet (CVE-2013-0176). The updated packages have been upgraded to the 0.5.4 version which is not affected by this issue." ); script_set_attribute( attribute:"see_also", value:"http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ssh-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ssh4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libssh-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libssh4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64ssh-devel-0.5.4-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64ssh4-0.5.4-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libssh-devel-0.5.4-0.1-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libssh4-0.5.4-0.1-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1707-1.NASL description Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64285 published 2013-01-29 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64285 title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libssh vulnerability (USN-1707-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1707-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(64285); script_version("1.9"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2013-0176"); script_xref(name:"USN", value:"1707-1"); script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libssh vulnerability (USN-1707-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1707-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libssh-4 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libssh-4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"libssh-4", pkgver:"0.4.2-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libssh-4", pkgver:"0.5.2-1ubuntu0.11.10.2")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libssh-4", pkgver:"0.5.2-1ubuntu0.12.04.2")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"libssh-4", pkgver:"0.5.2-1ubuntu0.12.10.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh-4"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-045.NASL description Updated libssh packages fix security vulnerabilities : Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562). Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service (CVE-2013-0176). last seen 2020-06-01 modified 2020-06-02 plugin id 66059 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66059 title Mandriva Linux Security Advisory : libssh (MDVSA-2013:045) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2013:045. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(66059); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-4559", "CVE-2012-4560", "CVE-2012-4561", "CVE-2012-4562", "CVE-2013-0176"); script_bugtraq_id(56604, 57571); script_xref(name:"MDVSA", value:"2013:045"); script_xref(name:"MGASA", value:"2012-0344"); script_xref(name:"MGASA", value:"2013-0033"); script_name(english:"Mandriva Linux Security Advisory : libssh (MDVSA-2013:045)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libssh packages fix security vulnerabilities : Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562). Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service (CVE-2013-0176)." ); script_set_attribute( attribute:"solution", value:"Update the affected lib64ssh-devel and / or lib64ssh4 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ssh-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ssh4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ssh-devel-0.5.2-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ssh4-0.5.2-2.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html
- http://secunia.com/advisories/51982
- http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
- http://www.ubuntu.com/usn/USN-1707-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81595