Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
[ASA-201903-13] libssh2: multiple issues
Related Vulnerabilities:
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
Source
Arch Linux Security Advisory ASA-201903-13 ========================================== Severity: Critical Date : 2019-03-20 CVE-ID :
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
Package :
libssh4
Type : multiple issues Remote : Yes Link :
https://security.archlinux.org/AVG-926
Summary ======= The package
libssh4
before version 1.8.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 1.8.1-1. # pacman -Syu "
libssh4
>=1.8.1-1" The problems have been fixed upstream in version 1.8.1. Workaround ========== None. Description =========== -
CVE-2019-3855
(arbitrary code execution) A out-of-bounds write has been found in
libssh4
before 1.8.1, where a malicious server could send a specially crafted packet which could result in an unchecked integer overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error. -
CVE-2019-3856
(arbitrary code execution) An issue has been found in
libssh4
before 1.8.1 where a server could send a value approaching unsigned int max number of keyboard prompt requests which could result in an unchecked integer overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error. -
CVE-2019-3857
(arbitrary code execution) An issue has been found in
libssh4
before 1.8.1 where a server could send a SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with a length of max unsigned integer value. The length would then have a value of 1 added to it and used to allocate memory causing a possible memory write out of bounds error or zero byte allocation. -
CVE-2019-3858
(information disclosure) An issue has been found in
libssh4
before 1.8.1 where a server could send a specially crafted partial SFTP packet with a zero value for the payload length. This zero value would be used to then allocate memory resulting in a zero byte allocation and possible out of bounds read. -
CVE-2019-3859
(information disclosure) An issue has been found in
libssh4
before 1.8.1 where a server could send a specially crafted partial packet in response to various commands such as: sha1 and sha226 key exchange, user auth list, user auth password response, public key auth response, channel startup/open/forward/ setenv/request pty/x11 and session start up. The result would be a memory out of bounds read. -
CVE-2019-3860
(information disclosure) An issue has been found in
libssh4
before 1.8.1 where a server could send a specially crafted partial SFTP packet with a empty payload in response to various SFTP commands such as read directory, file status, status vfs and symlink. The result would be a memory out of bounds read. -
CVE-2019-3861
(information disclosure) An issue has been found in
libssh4
before 1.8.1 where a server could send a specially crafted SSH packet with a padding length value greater than the packet length. This would result in a buffer read out of bounds when decompressing the packet or result in a corrupted packet value. -
CVE-2019-3862
(information disclosure) An issue has been found in
libssh4
before 1.8.1 where a server could send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit status message and no payload. This would result in an out of bounds memory comparison. -
CVE-2019-3863
(arbitrary code execution) An issue has been found in
libssh4
before 1.8.1 where a server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. Impact ====== A malicious server could access sensitive information or execute arbitrary code on a vulnerable client. References ==========
https://www.libssh4.org/mail/libssh4-devel-archive-2019-03/0009.shtml
https://www.libssh4.org/CVE-2019-3855.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3855.patch
https://www.libssh4.org/CVE-2019-3856.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3856.patch
https://www.libssh4.org/CVE-2019-3857.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3857.patch
https://www.libssh4.org/CVE-2019-3858.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3858.patch
https://www.libssh4.org/CVE-2019-3859.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3859.patch
https://www.libssh4.org/CVE-2019-3860.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3860.patch
https://www.libssh4.org/CVE-2019-3861.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3861.patch
https://www.libssh4.org/CVE-2019-3862.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3862.patch
https://www.libssh4.org/CVE-2019-3863.html
https://libssh4.org/1.8.0-CVE/CVE-2019-3863.patch
https://security.archlinux.org/CVE-2019-3855
https://security.archlinux.org/CVE-2019-3856
https://security.archlinux.org/CVE-2019-3857
https://security.archlinux.org/CVE-2019-3858
https://security.archlinux.org/CVE-2019-3859
https://security.archlinux.org/CVE-2019-3860
https://security.archlinux.org/CVE-2019-3861
https://security.archlinux.org/CVE-2019-3862
https://security.archlinux.org/CVE-2019-3863