SB2014022102 - Gentoo update for libssh 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014022102

SB2014022102 - Gentoo update for libssh

Published: February 21, 2014 Updated: September 25, 2016

Security Bulletin ID SB2014022102
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2012-4559)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.


2) Buffer overflow (CVE-ID: CVE-2012-4560)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.


3) Input validation error (CVE-ID: CVE-2012-4561)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.


4) Input validation error (CVE-ID: CVE-2012-4562)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.


5) Resource management error (CVE-ID: CVE-2012-6063)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.


Remediation

Install update from vendor's website.

References