Bug 8880

Summary: libssh new security issue CVE-2013-0176
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/534674/
Whiteboard: has_procedure mga2-64-OK mga2-32-ok
Source RPM: libssh CVE:
Status comment:

Description David Walser 2013-01-29 01:52:03 CET 
Ubuntu has issued an advisory today (January 28):
http://www.ubuntu.com/usn/usn-1707-1/

Update is in Cauldron SVN, waiting to be freeze pushed.

Patch is checked into Mageia 1 and Mageia 2 SVN.
David Walser 2013-01-29 01:52:12 CET

Whiteboard: (none) => MGA2TOO

Comment 1 David Walser 2013-01-29 16:28:27 CET 
Updated package uploaded for Cauldron.  Patched package uploaded for Mageia 2.

Advisory:
========================

Updated libssh packages fix security vulnerability:

Yong Chuan Koh discovered that libssh incorrectly handled certain
negotiation requests. A remote attacker could use this to cause libssh to
crash, resulting in a denial of service (CVE-2013-0176).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
http://www.ubuntu.com/usn/usn-1707-1/
========================

Updated packages in core/updates_testing:
========================
libssh4-0.5.2-1.2.mga2
libssh-devel-0.5.2-1.2.mga2

from libssh-0.5.2-1.2.mga2.src.rpm

Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO => (none)

Comment 2 claire robinson 2013-01-30 15:31:33 CET 
Testing complete mga2 64

No public PoC so just checking using hydra

Note: this library isn't a require of openssh-server or client

Before
------
$ hydra -l testuser -p testpass ssh://localhost
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-30 13:52:10
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service ssh on port 22
[STATUS] attack finished for localhost (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-01-30 13:52:12

After
-----
$ hydra -l testuser -p testpass ssh://localhost
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-30 14:30:26
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service ssh on port 22
[STATUS] attack finished for localhost (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-01-30 14:30:28

Whiteboard: (none) => has_procedure mga2-64-OK

Comment 3 claire robinson 2013-01-30 23:17:53 CET 
Testing complete mga2 32

Validating

Advisory & SRPM in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-ok

Comment 4 Thomas Backlund 2013-02-06 23:16:19 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0033

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED