Bug 910790 – VUL-0: CVE-2014-8132: libssh: Double free on dangling pointers in initial key exchange packet.

Bug 910790 - (CVE-2014-8132) VUL-0: CVE-2014-8132: libssh: Double free on dangling pointers in initial key exchange packet.

(CVE-2014-8132)
Summary:	VUL-0: CVE-2014-8132: libssh: Double free on dangling pointers in initial key...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-12-19 10:32 UTC by Marcus Meissner
Modified:	2015-01-16 09:45 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2014-12-19 10:32:22 UTC

via Andreas Schneider on IRC.

http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
http://www.libssh.org/security/advisories/CVE-2014-8132.txt

libssh 0.6.4 (Security and bugfix release)

19/12/14 - 11:38am

This is an important SECURITY and maintenance release in order to address CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet.
libssh versions 0.5.1 and above could leave dangling pointers in the session
crypto structures. It is possible to send a malicious kexinit package to
eventually cause a server to do a double-free before this fix.

This could be used for a Denial of Service attack.

As this was found by a libssh developer there are no currently known exploits
for this problem (as of December 19th 2014).

Comment 1 Marcus Meissner 2014-12-19 10:32:42 UTC

(libssh and not libssh2_org)

Comment 2 James McDonough 2014-12-19 13:49:14 UTC

Maintenance request 47717 submitted for SLE12

Comment 3 James McDonough 2014-12-19 13:49:47 UTC

Nothing required for SLE11

Comment 5 Bernhard Wiedemann 2014-12-19 17:00:31 UTC

This is an autogenerated message for OBS integration:
This bug (910790) was mentioned in
https://build.opensuse.org/request/show/265950 13.2+13.1+12.3 / libssh

Comment 6 James McDonough 2014-12-19 19:14:19 UTC

Whoops, didn't commit before submitting, new SLE12 request is 47723

Comment 8 Bernhard Wiedemann 2014-12-22 13:00:29 UTC

This is an autogenerated message for OBS integration:
This bug (910790) was mentioned in
https://build.opensuse.org/request/show/266147 13.2+13.1+12.3 / libssh

Comment 9 Swamp Workflow Management 2014-12-30 13:06:37 UTC

SUSE-SU-2014:1731-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 910790
CVE References: CVE-2014-8132
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    libssh-0.6.3-4.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libssh-0.6.3-4.1
SUSE Linux Enterprise Desktop 12 (src):    libssh-0.6.3-4.1

Comment 10 Swamp Workflow Management 2015-01-08 12:04:54 UTC

openSUSE-SU-2015:0017-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 910790
CVE References: CVE-2014-8132
Sources used:
openSUSE 13.2 (src):    libssh-0.6.3-2.4.1
openSUSE 13.1 (src):    libssh-0.5.5-2.12.1
openSUSE 12.3 (src):    libssh-0.5.3-2.12.1

Comment 11 Victor Pereira 2015-01-16 09:45:40 UTC

update released