diff options
| author | rakuco <rakuco@FreeBSD.org> | 2016-03-05 21:09:48 +0800 |
|---|---|---|
| committer | rakuco <rakuco@FreeBSD.org> | 2016-03-05 21:09:48 +0800 |
| commit | a0229fabbb09eef34ad0f0b34f46d51c1538cc0f (patch) | |
| tree | 9de6026dbcd1d3109f3b375eca6d2be8397a7d82 | |
| parent | 1f8ac87c962ad046a99b1d470d79a5fedb1a0626 (diff) | |
| download | freebsd-ports-gnome-a0229fabbb09eef34ad0f0b34f46d51c1538cc0f.tar.gz freebsd-ports-gnome-a0229fabbb09eef34ad0f0b34f46d51c1538cc0f.tar.zst freebsd-ports-gnome-a0229fabbb09eef34ad0f0b34f46d51c1538cc0f.zip | |
Add entry for security/libssh's CVE-2016-0739.
This was fixed in r409932, but the 2016Q1 branch is still vulnerable.
| -rw-r--r-- | security/vuxml/vuln.xml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0f61632caa1d..cb97a028057f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b3591ea-e2d2-11e5-a6be-5453ed2e2b49"> + <topic>libssh -- weak Diffie-Hellman secret generation</topic> + <affects> + <package> + <name>libssh</name> + <range><lt>0.7.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Andreas Schneider reports:</p> + <blockquote cite="https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/"> + <p>libssh versions 0.1 and above have a bits/bytes confusion bug and + generate the an anormaly short ephemeral secret for the + diffie-hellman-group1 and diffie-hellman-group14 key exchange + methods. The resulting secret is 128 bits long, instead of the + recommended sizes of 1024 and 2048 bits respectively. There are + practical algorithms (Baby steps/Giant steps, Pollard’s rho) that can + solve this problem in O(2^63) operations.</p> + <p>Both client and server are are vulnerable, pre-authentication. + This vulnerability could be exploited by an eavesdropper with enough + resources to decrypt or intercept SSH sessions. The bug was found + during an internal code review by Aris Adamantiadis of the libssh + team.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-0739</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739</url> + <url>https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/</url> + </references> + <dates> + <discovery>2016-02-23</discovery> + <entry>2016-03-05</entry> + </dates> + </vuln> + <vuln vid="7d09b9ee-e0ba-11e5-abc4-6fb07af136d2"> <topic>exim -- local privilleges escalation</topic> <affects> |