FreeBSD : libssh2 -- multiple issues (6e58e1e9-2636-413e-9f84-4c0e21143628)

critical Nessus Plugin ID 124182

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

libssh2 developers report:

- Defend against possible integer overflows in comp_method_zlib_decomp.

- Defend against writing beyond the end of the payload in _libssh2_transport_read().

- Sanitize padding_length - _libssh2_transport_read(). This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

- Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

- Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

- Add a required_size parameter to sftp_packet_require et al. to require callers of these functions to handle packets that are too short.

- Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().

Solution

Update the affected packages.

See Also

https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1

https://libssh2.org/CVE-2019-3855.html

https://libssh2.org/CVE-2019-3856.html

https://libssh2.org/CVE-2019-3857.html

https://libssh2.org/CVE-2019-3858.html

https://libssh2.org/CVE-2019-3859.html

https://libssh2.org/CVE-2019-3860.html

https://libssh2.org/CVE-2019-3861.html

https://libssh2.org/CVE-2019-3862.html

https://libssh2.org/CVE-2019-3863.html

http://www.nessus.org/u?842549c3

Plugin Details

Severity: Critical

ID: 124182

File Name: freebsd_pkg_6e58e1e92636413e9f844c0e21143628.nasl

Version: 1.5

Type: local

Published: 4/19/2019

Updated: 5/23/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-3855

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libssh2, p-cpe:/a:freebsd:freebsd:linux-c6-libssh2, p-cpe:/a:freebsd:freebsd:linux-c7-libssh2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 4/18/2019

Vulnerability Publication Date: 3/14/2019

Reference Information

CVE: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863