Bug 910790 - (CVE-2014-8132) VUL-0: CVE-2014-8132: libssh: Double free on dangling pointers in initial key exchange packet.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
Reported: 2014-12-19 10:32 UTC by Marcus Meissner
Modified: 2015-01-16 09:45 UTC
Description Marcus Meissner 2014-12-19 10:32:22 UTC
via Andreas Schneider on IRC.

http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
http://www.libssh.org/security/advisories/CVE-2014-8132.txt

libssh 0.6.4 (Security and bugfix release)

19/12/14 - 11:38am

This is an important SECURITY and maintenance release in order to address CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet.
libssh versions 0.5.1 and above could leave dangling pointers in the session
crypto structures. It is possible to send a malicious kexinit package to
eventually cause a server to do a double-free before this fix.

This could be used for a Denial of Service attack.

As this was found by a libssh developer there are no currently known exploits
for this problem (as of December 19th 2014).
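
The failure mode described above, as an added toy model in C (not libssh code and not the project's patch): an error path in a hypothetical `parse_kexinit` releases session state but leaves the pointers set, so teardown releases the same blocks again, while the `harden` flag applies free-and-NULL. All names, the stand-in allocator and the sample name-lists are assumptions constructed for illustration.

```c
#include <stdio.h>
#define N_METHODS 4

/* Stand-in allocator: a repeated free is counted instead of corrupting a heap. */
struct slot { int in_use; const char *name; };
static struct slot pool[8];
static int double_frees;

static struct slot *slot_alloc(const char *name) {
    for (int i = 0; i < 8; i++)
        if (!pool[i].in_use) { pool[i] = (struct slot){1, name}; return &pool[i]; }
    return NULL;
}

static void slot_free(struct slot *p) {
    if (p != NULL && !p->in_use) double_frees++;  /* stale pointer to a released block */
    if (p != NULL) p->in_use = 0;
}

struct session { struct slot *methods[N_METHODS]; };  /* hypothetical crypto state */

/* Store each name-list; an empty one is treated as malformed (assumption). */
static int parse_kexinit(struct session *s, const char *lists[], int harden) {
    for (int i = 0; i < N_METHODS; i++) {
        if (lists[i][0] == '\0') goto error;
        if ((s->methods[i] = slot_alloc(lists[i])) == NULL) goto error;
    }
    return 0;
error:
    for (int i = 0; i < N_METHODS; i++) {
        slot_free(s->methods[i]);
        if (harden) s->methods[i] = NULL;  /* hardened: no pointer outlives its block */
    }
    return -1;
}

static void session_free(struct session *s) {  /* teardown frees what is still referenced */
    for (int i = 0; i < N_METHODS; i++) { slot_free(s->methods[i]); s->methods[i] = NULL; }
}

/* Double frees observed for one malformed (constructed) packet. */
static int run_malformed(int harden) {
    struct session s = {{0}};
    const char *bad[N_METHODS] = {"kex-a", "hostkey-a", "", "cipher-a"};
    double_frees = 0;
    parse_kexinit(&s, bad, harden);
    session_free(&s);
    return double_frees;
}

int main(void) { printf("%d %d\n", run_malformed(0), run_malformed(1)); return 0; }
```
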
Comment 1 Marcus Meissner 2014-12-19 10:32:42 UTC
(libssh and not libssh2_org)
Comment 2 James McDonough 2014-12-19 13:49:14 UTC
Maintenance request 47717 submitted for SLE12
Comment 3 James McDonough 2014-12-19 13:49:47 UTC
Nothing required for SLE11
Comment 5 Bernhard Wiedemann 2014-12-19 17:00:31 UTC
This is an autogenerated message for OBS integration:
This bug (910790) was mentioned in
https://build.opensuse.org/request/show/265950 13.2+13.1+12.3 / libssh
Comment 6 James McDonough 2014-12-19 19:14:19 UTC
Whoops, didn't commit before submitting, new SLE12 request is 47723
Comment 8 Bernhard Wiedemann 2014-12-22 13:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (910790) was mentioned in
https://build.opensuse.org/request/show/266147 13.2+13.1+12.3 / libssh
Comment 9 Swamp Workflow Management 2014-12-30 13:06:37 UTC
SUSE-SU-2014:1731-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 910790
CVE References: CVE-2014-8132
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    libssh-0.6.3-4.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libssh-0.6.3-4.1
SUSE Linux Enterprise Desktop 12 (src):    libssh-0.6.3-4.1
Comment 10 Swamp Workflow Management 2015-01-08 12:04:54 UTC
openSUSE-SU-2015:0017-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 910790
CVE References: CVE-2014-8132
Sources used:
openSUSE 13.2 (src):    libssh-0.6.3-2.4.1
openSUSE 13.1 (src):    libssh-0.5.5-2.12.1
openSUSE 12.3 (src):    libssh-0.5.3-2.12.1
Comment 11 Victor Pereira 2015-01-16 09:45:40 UTC
update released