Oracle Linux 8 : libssh (ELSA-2024-3233)

medium Nessus Plugin ID 198033

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3233 advisory.

[0.9.6-14]
- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
- Fix CVE-2023-6918 Missing checks for return values for digests
- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname
- Note: version is bumped from 12 to 14 directly, as the z-stream version in 8.9 also has 13. So bumping it to 14 will prevent upgrade conflicts.
- Resolves: RHEL-19690, RHEL-17244, RHEL-19312

[0.9.6-12]
- Fix loglevel regression
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-11]
- .fmf/version is needed to run the tests
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-10]
- Add missing ci.fmf file
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-9]
- Fix covscan errors found at gating
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-8]
- Backport test fixing commits to make the build pass
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-7]
- Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667
- Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283
- Resolves: rhbz#2182251, rhbz#2189742

[0.9.6-6]
- Enable client and server testing build time
- Fix failing rekey test on arch s390x
- Resolves: rhbz#2126342

[0.9.6-5]
- Fix CI configuration for new TMT
- Resolves: rhbz#2149910

[0.9.6-4]
- Make VERBOSE and lower log levels less verbose
- Resolves: rhbz#2091512

[0.9.6-3]
- Remove STI tests

[0.9.6-2]
- Remove bad patch causing errors
- Adding BuildRequires for openssh (SSHD support)

[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
- Rebase to version 0.9.6
- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
- Resolves: rhbz#1896651, rhbz#1994600

[0.9.4-4]
- Revert previous commit as it is incorrect.

[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism (#1978810)

[0.9.4-3]
- Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (#1862646)

[0.9.4-2]
- Do not return error when server properly closed the channel (#1849071)
- Add a test for CVE-2019-14889
- Do not parse configuration file in torture_knownhosts test

[0.9.4-1]
- Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
- Fixed CVE-2019-14889 (#1781782)
- Fixed CVE-2020-1730 (#1802422)
- Create missing directories in the path provided for known_hosts files (#1733914)
- Removed inclusion of OpenSSH server configuration file from libssh_server.config (#1821339)

[0.9.0-4]
- Skip 1024 bits RSA key generation test in FIPS mode (#1734485)

[0.9.0-3]
- Add Obsoletes in libssh-config to avoid conflict with old libssh which installed the configuration files.

[0.9.0-2]
- Eliminate circular dependency with libssh-config subpackage

[0.9.0-1]
- Update to version 0.9.0 https://www.libssh.org/2019/06/28/libssh-0-9-0/
- Added explicit Requires for crypto-policies
- Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set
- Provide the configuration files in a separate libssh-config subpackage

[0.8.91-0.1]
- Update to 0.9.0 pre release version (0.8.91)
- Added default configuration files for client and server
- Removed unused patch files left behind
- Fixed issues found to run upstream test suite with SELinux

[0.8.5-2]
- Fix more regressions introduced by the fixes for CVE-2018-10933

[0.8.5-1]
- Update to version 0.8.5
* Fixed an issue where global known_hosts file was ignored (#1649321)
* Fixed ssh_get_fd() to return writable file descriptor (#1649319)
* Fixed regression introduced in known_hosts parsing (#1649315)
* Fixed a regression which caused only the first algorithm in known_hosts to be considered (#1638790)

[0.8.3-5]
- Fix regressions introduced by the fixes for CVE-2018-10933

[0.8.3-4]
- Fix for authentication bypass issue in server implementation (#1639926)

[0.8.3-3]
- Fixed errors found by static code analysis (#1602594)

[0.8.3-1]
- Update to version 0.8.3
* Added support for rsa-sha2 (#1610882)
* Added support to parse private keys in openssh container format (other than ed25519) (#1622983)
* Added support for diffie-hellman-group18-sha512 and diffie-hellman-group16-sha512 (#1610885)
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce [email protected] and [email protected] in the sftp server
* Use -fstack-protector-strong if possible (#1624135)

[0.8.1-4]
- Fix the creation of symbolic links for libssh_threads.so.4

[0.8.1-3]
- Add missing Provides for libssh_threads.so.4

[0.8.1-2]
- Add Provides for libssh_threads.so to unbreak applications
- Fix ABIMap detection to not depend on python to build

[0.8.1-1]
- Update to version 0.8.1 https://www.libssh.org/2018/08/13/libssh-0-8-1/

[0.8.0-1]
- Update to version 0.8.0 https://www.libssh.org/2018/08/10/libssh-0-8-0/

[0.7.5-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[0.7.5-8]
- BR: gcc-c++, use %make_build

[0.7.5-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
- Related: bug#1614611

[0.7.5-6]
- resolves: #1540021 - Build against OpenSSL 1.1

[0.7.5-5]
- Switch to %ldconfig_scriptlets

[0.7.5-4]
- Fix parsing ssh_config

[0.7.5-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.7.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.7.5-1]
- Update to version 0.7.5

[0.7.4-2]
- BR: compat-openssl10-devel (f26+, #1423088)
- use %license
- -devel: drop hardcoded pkgconfig dep (let autodeps handle it)
- %files: track library sonames, simplify -devel
- %install: use 'install/fast' target
- .spec cosmetics, drop deprecated %clean section

[0.7.4-1]
- Update to version 0.7.4
* Added id_ed25519 to the default identity list
* Fixed sftp EOF packet handling
* Fixed ssh_send_banner() to conform with RFC 4253
* Fixed some memory leaks
- resolves: #1419007

[0.7.3-1]
- resolves: #1311259 - Fix CVE-2016-0739
- resolves: #1311332 - Update to version 0.7.3
* Fixed CVE-2016-0739
* Fixed ssh-agent on big endian
* Fixed some documentation issues
- Enabled GSSAPI support

[0.7.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[0.7.2-2]
- resolves: #1271230 - Fix ssh-agent support on big endian

[0.7.2-1]
- Update to version 0.7.2
* Fixed OpenSSL detection on Windows
* Fixed return status for ssh_userauth_agent()
* Fixed KEX to prefer hmac-sha2-256
* Fixed sftp packet handling
* Fixed return values of ssh_key_is_(public|private)
* Fixed bug in global success reply
- resolves: #1267346

[0.7.1-1]
- Update to version 0.7.1
* Fixed SSH_AUTH_PARTIAL auth with auto public key
* Fixed memory leak in session options
* Fixed allocation of ed25519 public keys
* Fixed channel exit-status and exit-signal
* Reintroduce ssh_forward_listen()

[0.7.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[0.7.0-2]
- Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)

[0.7.0-1]
- Update to version 0.7.0
* Added support for ed25519 keys
* Added SHA2 algorithms for HMAC
* Added improved and more secure buffer handling code
* Added callback for auth_none_function
* Added support for ECDSA private key signing
* Added more tests
* Fixed a lot of bugs
* Improved API documentation

[0.6.5-1]
- resolves: #1213775 - Security fix for CVE-2015-3146
- resolves: #1218076 - Security fix for CVE-2015-3146

[0.6.4-1]
- Security fix for CVE-2014-8132.

[0.6.3-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[0.6.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[0.6.3-1]
- Fix CVE-2014-0017.

[0.6.1-1]
- Update to version 0.6.1.
- resolves: #1056757 - Fix scp mode.
- resolves: #1053305 - Fix known_hosts heuristic.

[0.6.0-1]
- Update to 0.6.0

[0.5.5-1]
- Update to 0.5.5.
- Cleanup the spec file.

[0.5.4-5]
- Add EPEL 5 support.
- Add Debian patches to enable Doxygen documentation.

[0.5.4-4]
- Add patch for #982685.

[0.5.4-3]
- Clean up SPEC file and fix rpmlint complaints.

[0.5.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[0.5.4-1]
- update to security 0.5.4 release
- CVE-2013-0176 (#894407)

[0.5.3-1]
- update to security 0.5.3 release (#878465)

[0.5.2-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[0.5.2-1]
- update to 0.5.2 version (#730270)

[0.5.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[0.5.0-1]
- bounce version to 0.5.0 (#709785)
- the support for protocol v1 is disabled

[0.4.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[0.4.8-1]
- bounce version to 0.4.8 (#670456)

[0.4.6-1]
- bounce version to 0.4.6 (#630602)

[0.4.4-1]
- bounce version to 0.4.4 (#598592)

[0.4.3-1]
- bounce version to 0.4.3 (#593288)

[0.4.2-1]
- bounce version to 0.4.2 (#573972)

[0.4.1-1]
- bounce version to 0.4.1 (#565870)

[0.4.0-1]
- bounce version to 0.4.0 (#541010)

[0.3.92-2]
- typo in spec file

[0.3.92-1]
- bounce version to 0.3.92 (0.4 beta2) (#541010)

[0.2-4]
- rebuilt with new openssl

[0.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0.2-2]
- Small changes during review

[0.2-1]
- Initial build

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libssh, libssh-config and / or libssh-devel packages.

See Also

https://linux.oracle.com/errata/ELSA-2024-3233.html

Plugin Details

Severity: Medium

ID: 198033

File Name: oraclelinux_ELSA-2024-3233.nasl

Version: 1.1

Type: local

Agent: unix

Published: 5/28/2024

Updated: 5/28/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2023-6004

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:linux:8:10:appstream_base, cpe:/o:oracle:linux:8::baseos_latest, p-cpe:/a:oracle:linux:libssh-config, cpe:/o:oracle:linux:8:10:baseos_base, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:libssh, cpe:/a:oracle:linux:8::appstream, p-cpe:/a:oracle:linux:libssh-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 5/23/2024

Vulnerability Publication Date: 12/19/2023

Reference Information

CVE: CVE-2023-6004, CVE-2023-6918

IAVA: 2023-A-0703