The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Updated libssh packages fix security vulnerabilities :

Multiple double free flaws, buffer overflow flaws, invalid free flaws, and improper overflow checks in libssh before 0.5.3 could enable a denial of service attack against libssh clients, or possibly arbitrary code execution (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562).

Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service (CVE-2013-0176).

New libssh packages are available for Slackware 14.0, and -current to fix a security issue.

A vulnerability has been found and corrected in libssh :

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a Client: Diffie-Hellman Key Exchange Init packet (CVE-2013-0176).

The updated packages have been upgraded to the 0.5.4 version which is not affected by this issue.

Fixed NULL dereference leads to denial of service - CVE-2013-0176, several NULL pointer dereferences in SSHv1, a free crash bug in options parsing.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
66059	Mandriva Linux Security Advisory : libssh (MDVSA-2013:045)	Nessus	Mandriva Local Security Checks	high
65724	Slackware 14.0 / current : libssh (SSA:2013-087-01)	Nessus	Slackware Local Security Checks	medium
64551	Mandriva Linux Security Advisory : libssh (MDVSA-2013:009)	Nessus	Mandriva Local Security Checks	medium
64416	Fedora 17 : libssh-0.5.4-1.fc17 (2013-1422)	Nessus	Fedora Local Security Checks	medium
64414	Fedora 18 : libssh-0.5.4-1.fc18 (2013-1407)	Nessus	Fedora Local Security Checks	medium
64285	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libssh vulnerability (USN-1707-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2013-0176

high

Tenable Plugins

high

medium

medium

medium

medium

medium