FreeBSD : libssh2 -- multiple issues (6e58e1e9-2636-413e-9f84-4c0e21143628)

High Nessus Plugin ID 124182


The remote FreeBSD host is missing one or more security-related updates.


libssh2 developers report:

- Defend against possible integer overflows in comp_method_zlib_decomp.

- Defend against writing beyond the end of the payload in

- Sanitize padding_length - _libssh2_transport_read(). This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

- Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

- Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

- Add a required_size parameter to sftp_packet_require et al. to require callers of these functions to handle packets that are too short.

- Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().


Update the affected packages.


Plugin Details

Severity: High

ID: 124182

File Name: freebsd_pkg_6e58e1e92636413e9f844c0e21143628.nasl

Version: 1.4

Type: local

Published: 2019/04/19

Updated: 2020/01/23

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2019-3855

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libssh2, p-cpe:/a:freebsd:freebsd:linux-c6-libssh2, p-cpe:/a:freebsd:freebsd:linux-c7-libssh2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/04/18

Vulnerability Publication Date: 2019/03/14

Reference Information

CVE: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863