8880 – libssh new security issue CVE-2013-0176

Bug 8880 - libssh new security issue CVE-2013-0176

Summary: libssh new security issue CVE-2013-0176

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:	http://lwn.net/Vulnerabilities/534674/
Whiteboard:	has_procedure mga2-64-OK mga2-32-ok
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2013-01-29 01:52 CET by David Walser
Modified:	2013-02-06 23:16 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	libssh
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-01-29 01:52:03 CET

Ubuntu has issued an advisory today (January 28):
http://www.ubuntu.com/usn/usn-1707-1/

Update is in Cauldron SVN, waiting to be freeze pushed.

Patch is checked into Mageia 1 and Mageia 2 SVN.

David Walser 2013-01-29 01:52:12 CET

Whiteboard: (none) => MGA2TOO

Comment 1 David Walser 2013-01-29 16:28:27 CET

Updated package uploaded for Cauldron.  Patched package uploaded for Mageia 2.

Advisory:
========================

Updated libssh packages fix security vulnerability:

Yong Chuan Koh discovered that libssh incorrectly handled certain
negotiation requests. A remote attacker could use this to cause libssh to
crash, resulting in a denial of service (CVE-2013-0176).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
http://www.ubuntu.com/usn/usn-1707-1/
========================

Updated packages in core/updates_testing:
========================
libssh4-0.5.2-1.2.mga2
libssh-devel-0.5.2-1.2.mga2

from libssh-0.5.2-1.2.mga2.src.rpm

Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO => (none)

Comment 2 claire robinson 2013-01-30 15:31:33 CET

Testing complete mga2 64

No public PoC so just checking using hydra

Note: this library isn't a require of openssh-server or client

Before
------
$ hydra -l testuser -p testpass ssh://localhost
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-30 13:52:10
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service ssh on port 22
[STATUS] attack finished for localhost (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-01-30 13:52:12

After
-----
$ hydra -l testuser -p testpass ssh://localhost
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-30 14:30:26
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service ssh on port 22
[STATUS] attack finished for localhost (waiting for children to finish)
1 of 1 target successfuly completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-01-30 14:30:28

Whiteboard: (none) => has_procedure mga2-64-OK

Comment 3 claire robinson 2013-01-30 23:17:53 CET

Testing complete mga2 32

Validating

Advisory & SRPM in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-ok

Comment 4 Thomas Backlund 2013-02-06 23:16:19 CET

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0033

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.