The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2478-1 advisory.

    It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could     possibly use this issue to cause libssh to crash, resulting in a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

New libssh packages are available for Slackware 14.0, 14.1, and
-current to fix security issues.

Security fix for CVE-2014-8132.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated libssh packages fix security vulnerability :

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet (CVE-2014-8132).

This libssh update fixes the following security issue :

  - bsc#910790: Double free on dangling pointers in initial     key exchange packet (CVE-2014-8132).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixed the following security issue :

  - Fix CVE-2014-8132: Double free on dangling pointers in     initial key exchange packet; (bsc#910790).

The remote libssh server contains a double-free memory flaw in the ssh_packet_kexinit() function in kex.c. A remote attacker, with a specially crafted SSH_MSG_KEXINIT packet, can cause a denial of service.

Updated libssh packages fix security vulnerabilities :

When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. The most important consequence is that servers using EC (ECDSA) or DSA certificates may under certain conditions leak their private key (CVE-2014-0017).

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet (CVE-2014-8132).

The remote host is affected by the vulnerability described in GLSA-201606-12 (libssh and libssh2: Multiple vulnerabilities)

    libssh and libssh2 both have a bits/bytes confusion bug and generate an       abnormaly short ephemeral secret for the diffie-hellman-group1 and       diffie-hellman-group14 key exchange methods. The resulting secret is 128       bits long, instead of the recommended sizes of 1024 and 2048 bits       respectively.
    Additionally, a double free on dangling pointers in initial key exchange       packets within libssh could leave dangling pointers in the session crypto       structures. It is possible to send a malicious kexinit package to       eventually cause a server to do a double-free before this fix. This could       be used for a Denial of Service attack.
  Impact :

    Remote attackers may gain access to confidential information due to the       short keysize generated by libssh and libssh2, or cause a Denial of       Service condition.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Published	Updated	Severity
80853	Ubuntu 14.04 LTS : libssh vulnerability (USN-2478-1)	Nessus	Ubuntu Local Security Checks	1/20/2015	8/27/2024	high
82917	Slackware 14.0 / 14.1 / current : libssh (SSA:2015-111-04)	Nessus	Slackware Local Security Checks	4/22/2015	1/14/2021	medium
80347	Fedora 20 : libssh-0.6.4-1.fc20 (2014-17303)	Nessus	Fedora Local Security Checks	1/5/2015	1/11/2021	medium
80466	Mandriva Linux Security Advisory : libssh (MDVSA-2015:020)	Nessus	Mandriva Local Security Checks	1/13/2015	1/6/2021	medium
83658	SUSE SLED12 Security Update : libssh (SUSE-SU-2014:1731-1)	Nessus	SuSE Local Security Checks	5/20/2015	1/19/2021	medium
80438	openSUSE Security Update : libssh (openSUSE-SU-2015:0017-1)	Nessus	SuSE Local Security Checks	1/9/2015	1/19/2021	medium
80348	Fedora 21 : libssh-0.6.4-1.fc21 (2014-17324)	Nessus	Fedora Local Security Checks	1/5/2015	1/11/2021	medium
80349	Fedora 19 : libssh-0.6.4-1.fc19 (2014-17354)	Nessus	Fedora Local Security Checks	1/5/2015	1/11/2021	medium
80556	Libssh ssh_packet_kexinit() Double-free Memory DoS	Nessus	Denial of Service	1/16/2015	6/21/2022	medium
82339	Mandriva Linux Security Advisory : libssh (MDVSA-2015:086)	Nessus	Mandriva Local Security Checks	3/30/2015	1/14/2021	medium
91843	GLSA-201606-12 : libssh and libssh2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	6/27/2016	1/11/2021	medium

Detections

Analytics

Plugins Search

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium