F5 Networks BIG-IP : libssh2 vulnerabilities (K90011301)

high Nessus Plugin ID 154888

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3857 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3863 A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

Impact

For CVE-2019-3856 and CVE-2019-3857, a remote attacker may be able to execute code on the client system when a user connects to the server.

For CVE-2019-3863, an attacker may be able to initiate a response from the server in which the message length causes an out-of-bounds memory write.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K90011301.

See Also

https://support.f5.com/csp/article/K90011301

Plugin Details

Severity: High

ID: 154888

File Name: f5_bigip_SOL90011301.nasl

Version: 1.2

Type: local

Published: 11/4/2021

Updated: 11/8/2021

Configuration: Enable paranoid mode

Risk Information

CVSS Score Source: CVE-2019-3863

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 9/18/2020

Vulnerability Publication Date: 3/25/2019

Reference Information

CVE: CVE-2019-3856, CVE-2019-3857, CVE-2019-3863