ALT-PU-2020-1469-1
Closed vulnerabilities
Modified: 2021-03-23
BDU:2018-01221
Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации
Modified: 2024-09-16
BDU:2020-02642
Уязвимость функции ssh_scp_new() библиотеки libssh, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
- http://www.securityfocus.com/bid/105677
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://usn.ubuntu.com/3795-1/
- https://usn.ubuntu.com/3795-2/
- https://www.debian.org/security/2018/dsa-4322
- https://www.exploit-db.com/exploits/45638/
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- http://www.securityfocus.com/bid/105677
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://usn.ubuntu.com/3795-1/
- https://usn.ubuntu.com/3795-2/
- https://www.debian.org/security/2018/dsa-4322
- https://www.exploit-db.com/exploits/45638/
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Modified: 2024-11-21
CVE-2019-14889
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889
- https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/
- https://security.gentoo.org/glsa/202003-27
- https://usn.ubuntu.com/4219-1/
- https://www.libssh.org/security/advisories/CVE-2019-14889.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889
- https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/
- https://security.gentoo.org/glsa/202003-27
- https://usn.ubuntu.com/4219-1/
- https://www.libssh.org/security/advisories/CVE-2019-14889.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
Closed bugs
Обновить до 0.8.5