Download
| Alert*
oval:org.secpod.oval:def:204228
The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting l ... oval:org.secpod.oval:def:501712 The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting l ... oval:org.secpod.oval:def:108538 libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER*, SECSH-DHGEX, and SECSH-NUMBERS. oval:org.secpod.oval:def:601990 Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the li ... oval:org.secpod.oval:def:1501246 The remote host is missing a patch containing a security fix, which affects the following package(s): libssh2 oval:org.secpod.oval:def:108573 libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER*, SECSH-DHGEX, and SECSH-NUMBERS. |