Bug 8880 - libssh new security issue CVE-2013-0176
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal Severity: major
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/534674/
Whiteboard: has_procedure mga2-64-OK mga2-32-ok
Keywords: validated_update
Reported: 2013-01-29 01:52 CET by David Walser
Modified: 2013-02-06 23:16 CET

Source RPM: libssh

Description David Walser 2013-01-29 01:52:03 CET
Ubuntu has issued an advisory today (January 28):
http://www.ubuntu.com/usn/usn-1707-1/

Update is in Cauldron SVN, waiting to be freeze pushed.

Patch is checked into Mageia 1 and Mageia 2 SVN.
Comment 1 David Walser 2013-01-29 16:28:27 CET
Updated package uploaded for Cauldron.  Patched package uploaded for Mageia 2.

Advisory:
========================

Updated libssh packages fix security vulnerability:

Yong Chuan Koh discovered that libssh incorrectly handled certain
negotiation requests. A remote attacker could use this to cause libssh to
crash, resulting in a denial of service (CVE-2013-0176).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
http://www.ubuntu.com/usn/usn-1707-1/
========================

Updated packages in core/updates_testing:
========================
libssh4-0.5.2-1.2.mga2
libssh-devel-0.5.2-1.2.mga2

from libssh-0.5.2-1.2.mga2.src.rpm
Comment 2 claire robinson 2013-01-30 15:31:33 CET
Testing complete mga2 64

No public PoC so just checking using hydra

Note: this library isn't a require of openssh-server or client

Before
------
$ hydra -l testuser -p testpass ssh://localhost
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-30 13:52:10
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service ssh on port 22
[STATUS] attack finished for localhost (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-01-30 13:52:12

After
-----
$ hydra -l testuser -p testpass ssh://localhost
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-30 14:30:26
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service ssh on port 22
[STATUS] attack finished for localhost (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-01-30 14:30:28
Comment 3 claire robinson 2013-01-30 23:17:53 CET
Testing complete mga2 32

Validating

Advisory & SRPM in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 4 Thomas Backlund 2013-02-06 23:16:19 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0033
