Vulnerabilities > CVE-2014-0017 - Cryptographic Issues vulnerability in Libssh

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201408-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201408-03 (LibSSH: Information disclosure) A new connection inherits the state of the PRNG without re-seeding with random data. Impact : Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode may under certain conditions leak their private key. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77112
    published2014-08-11
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77112
    titleGLSA-201408-03 : LibSSH: Information disclosure
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201408-03.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77112);
      script_version("1.4");
      script_cvs_date("Date: 2018/12/05 20:31:22");
    
      script_cve_id("CVE-2014-0017");
      script_bugtraq_id(65963);
      script_xref(name:"GLSA", value:"201408-03");
    
      script_name(english:"GLSA-201408-03 : LibSSH: Information disclosure");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201408-03
    (LibSSH: Information disclosure)
    
        A new connection inherits the state of the PRNG without re-seeding with
          random data.
      
    Impact :
    
        Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode
          may under certain conditions leak their private key.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201408-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All LibSSH users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-libs/libssh-0.6.3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libssh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-libs/libssh", unaffected:make_list("ge 0.6.3"), vulnerable:make_list("lt 0.6.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LibSSH");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-086.NASL
    descriptionUpdated libssh packages fix security vulnerabilities : When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id82339
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82339
    titleMandriva Linux Security Advisory : libssh (MDVSA-2015:086)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:086. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82339);
      script_version("1.3");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2014-0017", "CVE-2014-8132");
      script_xref(name:"MDVSA", value:"2015:086");
    
      script_name(english:"Mandriva Linux Security Advisory : libssh (MDVSA-2015:086)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libssh packages fix security vulnerabilities :
    
    When using libssh before 0.6.3, a libssh-based server, when accepting
    a new connection, forks and the child process handles the request. The
    RAND_bytes() function of openssl doesn't reset its state after the
    fork, but simply adds the current process id (getpid) to the PRNG
    state, which is not guaranteed to be unique. The most important
    consequence is that servers using EC (ECDSA) or DSA certificates may
    under certain conditions leak their private key (CVE-2014-0017).
    
    Double free vulnerability in the ssh_packet_kexinit function in kex.c
    in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to
    cause a denial of service via a crafted kexinit packet
    (CVE-2014-8132)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0119.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2015-0014.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lib64ssh-devel and / or lib64ssh4 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ssh-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ssh4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64ssh-devel-0.5.5-2.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64ssh4-0.5.5-2.1.mbs2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2879.NASL
    descriptionIt was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the recovery of the private key.
    last seen2020-03-17
    modified2014-03-14
    plugin id72994
    published2014-03-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72994
    titleDebian DSA-2879-1 : libssh - security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2879. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72994);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0017");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 65963);
      script_xref(name:"DSA", value:"2879");
    
      script_name(english:"Debian DSA-2879-1 : libssh - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that libssh, a tiny C SSH library, did not reset the
    state of the PRNG after accepting a connection. A server mode
    application that forks itself to handle incoming connections could see
    its children sharing the same PRNG state, resulting in a cryptographic
    weakness and possibly the recovery of the private key."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/libssh"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/libssh"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-2879"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libssh packages.
    
    For the oldstable distribution (squeeze), this problem has been fixed
    in version 0.4.5-3+squeeze2.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 0.5.4-1+deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libssh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libssh-4", reference:"0.4.5-3+squeeze2")) flag++;
    if (deb_check(release:"6.0", prefix:"libssh-dbg", reference:"0.4.5-3+squeeze2")) flag++;
    if (deb_check(release:"6.0", prefix:"libssh-dev", reference:"0.4.5-3+squeeze2")) flag++;
    if (deb_check(release:"6.0", prefix:"libssh-doc", reference:"0.4.5-3+squeeze2")) flag++;
    if (deb_check(release:"7.0", prefix:"libssh-4", reference:"0.5.4-1+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libssh-dbg", reference:"0.5.4-1+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libssh-dev", reference:"0.5.4-1+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libssh-doc", reference:"0.5.4-1+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-3473.NASL
    descriptionFix CVE-2014-0017. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-03-07
    plugin id72871
    published2014-03-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72871
    titleFedora 20 : libssh-0.6.3-1.fc20 (2014-3473)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-3473.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72871);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0017");
      script_bugtraq_id(65963);
      script_xref(name:"FEDORA", value:"2014-3473");
    
      script_name(english:"Fedora 20 : libssh-0.6.3-1.fc20 (2014-3473)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix CVE-2014-0017.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1072191"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129556.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1a160f17"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libssh package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libssh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"libssh-0.6.3-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-3485.NASL
    descriptionFix CVE-2014-0017. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-03-17
    plugin id73037
    published2014-03-17
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73037
    titleFedora 19 : libssh-0.6.3-1.fc19 (2014-3485)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-053.NASL
    descriptionUpdated libssh package fixes security vulnerability : When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id73000
    published2014-03-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73000
    titleMandriva Linux Security Advisory : libssh (MDVSA-2014:053)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F8C88D505FB311E481BD5453ED2E2B49.NASL
    descriptionAris Adamantiadis reports : When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes() function of openssl doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id78730
    published2014-10-30
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78730
    titleFreeBSD : libssh -- PRNG state reuse on forking servers (f8c88d50-5fb3-11e4-81bd-5453ed2e2b49)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-111-04.NASL
    descriptionNew libssh packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id82917
    published2015-04-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82917
    titleSlackware 14.0 / 14.1 / current : libssh (SSA:2015-111-04)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2145-1.NASL
    descriptionAris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-03-13
    plugin id72980
    published2014-03-13
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72980
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : libssh vulnerability (USN-2145-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBSSH2-140307.NASL
    descriptionThis update of libssh fixes the following security issue : - When libssh operates in server mode, the randomness pool was not switched on fork, so two pools could operate on the same randomness and could generate the same keys.
    last seen2020-06-05
    modified2014-03-21
    plugin id73130
    published2014-03-21
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73130
    titleSuSE 11.3 Security Update : libssh2 (SAT Patch Number 8982)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-208.NASL
    descriptionlibssh was updated to fix a random generator reseeding issue when forking multiple servers. Forking multiple servers might under some circumstances get them the same random seed state.
    last seen2020-06-05
    modified2014-06-13
    plugin id75290
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75290
    titleopenSUSE Security Update : libssh (openSUSE-SU-2014:0366-1)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 65963 CVE(CAN) ID: CVE-2014-0017 libssh 是一个用以访问SSH服务的C语言开发包,通过它可以执行远程命令、文件传输,同时为远程的程序提供安全的传输通道。 Libssh 0.6.3之前版本工作流处理新请求时没有正确初始化PRNG状态,攻击者通过中间人攻击,利用此漏洞可获取并操纵用户的通讯。 0 libssh libssh &lt; 0.6.3 厂商补丁: libssh ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/
idSSV:61681
last seen2017-11-19
modified2014-03-07
published2014-03-07
reporterRoot
titleLibssh随机号码生成器漏洞(CVE-2014-0017)