CVE-2016-0739

Status Candidate

Overview

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Related Files

Gentoo Linux Security Advisory 201606-12
Posted Jun 26, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-12 - Multiple vulnerabilities have been found in libssh and libssh2, the worst of which allows remote attackers to cause Denial of Service. Versions less than 0.7.3 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8132, CVE-2016-0739, CVE-2016-0787
SHA-256 | a7682074939d8d39fdbac72c4a9138e844743c73c282548b5fb3e4eebea79c23

Red Hat Security Advisory 2016-0566-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0566-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-0739
SHA-256 | bb5114769e158462435967fe99f7c07248d8a74c18dc398bb58e1d28a2fd2d4b

Slackware Security Advisory - libssh Updates
Posted Feb 29, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0739
SHA-256 | 02c7441014bdd9e0f73350f6d47e292e57e03e9a03b3a1d62206ffdf4d7d9a4f

Ubuntu Security Notice USN-2912-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-3146, CVE-2016-0739
SHA-256 | 64e90d7f17cf676e3947fb61a36d15d6f07e6deabaa7f62a7ebfb2162dfd9513

Debian Security Advisory 3488-1
Posted Feb 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3488-1 - Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. This flaw could allow an eavesdropper with enough resources to decrypt or intercept SSH sessions.

tags | advisory
systems | linux, debian
advisories | CVE-2016-0739
SHA-256 | 1988252901382621351e20121b78565f55bdb2d2c34f27c3e8ac0bfba280bda2
© 2022 Packet Storm. All rights reserved.