Bug 1801998 (CVE-2020-1730)
Summary: | CVE-2020-1730 libssh: denial of service when handling AES-CTR (or DES) ciphers | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ansasaki, asn, dblechte, dfediuck, djuran, eedri, elima, erik-fedora, extras-orphan, fidencio, hkario, huzaifas, jfch, jlyle, kdudka, marcandre.lureau, mgoldboi, michal.skrivanek, mike, mpitt, negativo17, paul, rdieter, redhat-bugzilla, rjones, sbonazzo, security-response-team, sherold, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libssh 0.8.9, libssh 0.9.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the way libssh handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-04 02:24:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1802422, 1814517, 1822529 | ||
Bug Blocks: | 1795471 |
Description
Dhananjay Arunesh
2020-02-12 05:27:24 UTC
Acknowledgments: Name: libssh team Upstream: Yasheng Yang (Google) Mitigation: Disable AES-CTR ciphers (and DES in libssh 0.8). If you implement a server using libssh we advise to use a prefork model so each session runs in an own process. If you have implemented your server this way this is not really an issue. The client will kill its own connection. External References: https://www.libssh.org/security/advisories/CVE-2020-1730.txt Created libssh tracking bugs for this issue: Affects: fedora-all [bug 1822529] Upstream patch: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4545 https://access.redhat.com/errata/RHSA-2020:4545 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1730 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2020:5218 https://access.redhat.com/errata/RHSA-2020:5218 |