FreeBSD : libssh -- weak Diffie-Hellman secret generation (6b3591ea-e2d2-11e5-a6be-5453ed2e2b49)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Andreas Schneider reports :

libssh versions 0.1 and above have a bits/bytes confusion bug and
generate an abnormally short ephemeral secret for the
diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended
sizes of 1024 and 2048 bits respectively. There are practical
algorithms (Baby steps/Giant steps, Pollard's rho) that can solve
this problem in O(2^63) operations.

Both client and server are vulnerable, pre-authentication. This
vulnerability could be exploited by an eavesdropper with enough
resources to decrypt or intercept SSH sessions. The bug was found
during an internal code review by Aris Adamantiadis of the libssh

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 89709

CVE ID: CVE-2016-0739
