exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2016-0739

Status Candidate

Overview

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Related Files

Gentoo Linux Security Advisory 201606-12
Posted Jun 26, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-12 - Multiple vulnerabilities have been found in libssh and libssh2, the worst of which allows remote attackers to cause Denial of Service. Versions less than 0.7.3 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8132, CVE-2016-0739, CVE-2016-0787
MD5 | 8c08e9a6fc7ed135ddc8a317e28e1d4c
Red Hat Security Advisory 2016-0566-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0566-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-0739
MD5 | a7fc043e4eff39b58f3e8194d5171d0d
Slackware Security Advisory - libssh Updates
Posted Feb 29, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0739
MD5 | 73a897fc740f2fbd6f52b03c74da6cba
Ubuntu Security Notice USN-2912-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-3146, CVE-2016-0739
MD5 | 86103931b74c7c83665bf453d0731365
Debian Security Advisory 3488-1
Posted Feb 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3488-1 - Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. This flaw could allow an eavesdropper with enough resources to decrypt or intercept SSH sessions.

tags | advisory
systems | linux, debian
advisories | CVE-2016-0739
MD5 | a237ea88f298ac9e8c4cb35e2519e94b
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close