Vulnerabilities > CVE-2019-3860 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
libssh2
debian
netapp
opensuse
CWE-125
critical
nessus

Summary

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1640.NASL
    descriptionThis update for libssh2_org fixes the following issues : - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126330
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126330
    titleopenSUSE Security Update : libssh2_org (openSUSE-2019-1640)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1640.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126330);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2019-3860");
    
      script_name(english:"openSUSE Security Update : libssh2_org (openSUSE-2019-1640)");
      script_summary(english:"Check for the openSUSE-2019-1640 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libssh2_org fixes the following issues :
    
      - Fix the previous fix for CVE-2019-3860 (bsc#1136570,
        bsc#1128481) (Out-of-bounds reads with specially crafted
        SFTP packets)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136570"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libssh2_org packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh2-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh2-1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh2-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh2-1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh2_org-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libssh2-1-1.4.3-19.9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libssh2-1-debuginfo-1.4.3-19.9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libssh2-devel-1.4.3-19.9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libssh2_org-debugsource-1.4.3-19.9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libssh2-1-32bit-1.4.3-19.9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libssh2-1-debuginfo-32bit-1.4.3-19.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh2-1 / libssh2-1-32bit / libssh2-1-debuginfo / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1360.NASL
    descriptionAccording to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858) - An out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859) - An out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860) - An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861) - An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124738
    published2019-05-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124738
    titleEulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1360)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124738);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/21");
    
      script_cve_id(
        "CVE-2019-3858",
        "CVE-2019-3859",
        "CVE-2019-3860",
        "CVE-2019-3861",
        "CVE-2019-3862"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1360)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libssh2 package installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - An out of bounds read flaw was discovered in libssh2
        when a specially crafted SFTP packet is received from
        the server. A remote attacker who compromises a SSH
        server may be able to cause a denial of service or read
        data in the client memory.(CVE-2019-3858)
    
      - An out of bounds read flaw was discovered in libssh2 in
        the _libssh2_packet_require and
        _libssh2_packet_requirev functions. A remote attacker
        who compromises a SSH server may be able to cause a
        denial of service or read data in the client
        memory.(CVE-2019-3859)
    
      - An out of bounds read flaw was discovered in libssh2 in
        the way SFTP packets with empty payloads are parsed. A
        remote attacker who compromises a SSH server may be
        able to cause a denial of service or read data in the
        client memory.(CVE-2019-3860)
    
      - An out of bounds read flaw was discovered in libssh2 in
        the way SSH packets with a padding length value greater
        than the packet length are parsed. A remote attacker
        who compromises a SSH server may be able to cause a
        denial of service or read data in the client
        memory.(CVE-2019-3861)
    
      - An out of bounds read flaw was discovered in libssh2 in
        the way SSH_MSG_CHANNEL_REQUEST packets with an exit
        status message and no payload are parsed. A remote
        attacker who compromises a SSH server may be able to
        cause a denial of service or read data in the client
        memory.(CVE-2019-3862)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1360
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c59aee8f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libssh2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libssh2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libssh2-1.4.3-10.1.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1606-2.NASL
    descriptionThis update for libssh2_org fixes the following issues : Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128071
    published2019-08-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128071
    titleSUSE SLED12 / SLES12 Security Update : libssh2_org (SUSE-SU-2019:1606-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1606-2.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128071);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2019-3860");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libssh2_org (SUSE-SU-2019:1606-2)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libssh2_org fixes the following issues :
    
    Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481)
    (Out-of-bounds reads with specially crafted SFTP packets)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3860/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191606-2/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c231ba82"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-1606=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-1606=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t
    patch SUSE-SLE-SDK-12-SP5-2019-1606=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-1606=1
    
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
    SUSE-SLE-SERVER-12-SP5-2019-1606=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1606=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-1606=1
    
    SUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP5-2019-1606=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-1606=1
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-1606=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libssh2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libssh2-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libssh2-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libssh2_org-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3/5", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libssh2-1-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libssh2-1-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libssh2-1-debuginfo-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libssh2-1-debuginfo-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libssh2_org-debugsource-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libssh2-1-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libssh2-1-debuginfo-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libssh2_org-debugsource-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libssh2-1-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libssh2-1-debuginfo-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libssh2-1-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libssh2-1-debuginfo-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libssh2_org-debugsource-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libssh2-1-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libssh2-1-debuginfo-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libssh2-1-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libssh2-1-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libssh2-1-debuginfo-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libssh2-1-debuginfo-32bit-1.4.3-20.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"5", cpu:"x86_64", reference:"libssh2_org-debugsource-1.4.3-20.9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh2_org");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1309.NASL
    descriptionAccording to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858) - An out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859) - An out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860) - An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861) - An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855) - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857) - A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-01
    plugin id124436
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124436
    titleEulerOS 2.0 SP3 : libssh2 (EulerOS-SA-2019-1309)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6E58E1E92636413E9F844C0E21143628.NASL
    descriptionlibssh2 developers report : - Defend against possible integer overflows in comp_method_zlib_decomp. - Defend against writing beyond the end of the payload in _libssh2_transport_read(). - Sanitize padding_length - _libssh2_transport_read(). - This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent. - Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. - Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads. - Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. - Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().
    last seen2020-06-01
    modified2020-06-02
    plugin id124182
    published2019-04-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124182
    titleFreeBSD : libssh2 -- multiple issues (6e58e1e9-2636-413e-9f84-4c0e21143628)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1308.NASL
    descriptionAccording to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858) - An out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859) - An out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860) - An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861) - An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855) - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857) - A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-01
    plugin id124435
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124435
    titleEulerOS 2.0 SP2 : libssh2 (EulerOS-SA-2019-1308)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1075.NASL
    descriptionThis update for libssh2_org fixes the following issues : Security issues fixed: &#9; - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed : - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123494
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123494
    titleopenSUSE Security Update : libssh2_org (openSUSE-2019-1075)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-13982-1.NASL
    descriptionThis update for libssh2_org fixes the following issues : Security issues fixed : CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122971
    published2019-03-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122971
    titleSUSE SLES11 Security Update : libssh2_org (SUSE-SU-2019:13982-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0009_LIBSSH2.NASL
    descriptionAn update of the libssh2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126377
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126377
    titlePhoton OS 3.0: Libssh2 PHSA-2019-3.0-0009
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1606-1.NASL
    descriptionThis update for libssh2_org fixes the following issues : Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126160
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126160
    titleSUSE SLED12 / SLES12 Security Update : libssh2_org (SUSE-SU-2019:1606-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3348CB4934.NASL
    descriptionThis update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123760
    published2019-04-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123760
    titleFedora 28 : libssh2 (2019-3348cb4934)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1310.NASL
    descriptionAccording to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3858) - An out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3859) - An out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3860) - An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3861) - An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.(CVE-2019-3862) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855) - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857) - A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-01
    plugin id124437
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124437
    titleEulerOS 2.0 SP5 : libssh2 (EulerOS-SA-2019-1310)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4431.NASL
    descriptionChris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id124039
    published2019-04-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124039
    titleDebian DSA-4431-1 : libssh2 - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1429.NASL
    descriptionAccording to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.(CVE-2016-0787) - A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client.(CVE-2015-1782) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3857) - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.(CVE-2019-3862) - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3856) - A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.(CVE-2019-3863) - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.(CVE-2019-3855) - An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.(CVE-2019-3858) - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.(CVE-2019-3859) - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.(CVE-2019-3860) - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.(CVE-2019-3861) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124932
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124932
    titleEulerOS Virtualization 3.0.1.0 : libssh2 (EulerOS-SA-2019-1429)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1109.NASL
    descriptionThis update for libssh2_org fixes the following issues : Security issues fixed:&#9; - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123656
    published2019-04-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123656
    titleopenSUSE Security Update : libssh2_org (openSUSE-2019-1109)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-077-01.NASL
    descriptionNew libssh2 packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122940
    published2019-03-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122940
    titleSlackware 14.2 / current : libssh2 (SSA:2019-077-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0655-1.NASL
    descriptionThis update for libssh2_org fixes the following issues : Security issues fixed : CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122997
    published2019-03-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122997
    titleSUSE SLED12 / SLES12 Security Update : libssh2_org (SUSE-SU-2019:0655-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1730.NASL
    descriptionSeveral more boundary checks have been backported to libssh2
    last seen2020-06-01
    modified2020-06-02
    plugin id123135
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123135
    titleDebian DLA-1730-4 : libssh2 regression update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0222_LIBSSH2.NASL
    descriptionAn update of the libssh2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id125155
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125155
    titlePhoton OS 1.0: Libssh2 PHSA-2019-1.0-0222
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-70A9D4F970.NASL
    descriptionThis update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124503
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124503
    titleFedora 30 : libssh2 (2019-70a9d4f970)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-F31C14682F.NASL
    descriptionThis update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123052
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123052
    titleFedora 29 : libssh2 (2019-f31c14682f)

The Hacker News

idTHN:B9050A4E7D2CE55A80B70F1870DE2C24
last seen2019-03-19
modified2019-03-19
published2019-03-19
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/03/libssh2-vulnerabilities.html
titleLibssh Releases Update to Patch 9 New Security Vulnerabilities