894407 – (CVE-2013-0176) CVE-2013-0176 libssh: NULL dereference leads to denial of service

Bug 894407 (CVE-2013-0176) - CVE-2013-0176 libssh: NULL dereference leads to denial of service

Summary: CVE-2013-0176 libssh: NULL dereference leads to denial of service

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2013-0176
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	902992
Blocks:
TreeView+	depends on / blocked

Reported:	2013-01-11 16:44 UTC by Vincent Danen
Modified:	2019-09-29 12:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-05 21:56:56 UTC
Embargoed:

Attachments	(Terms of Use)
Patch for CVE-2013-0176 (1.59 KB, patch) 2013-01-14 13:40 UTC, Andreas Schneider	no flags	Details \| Diff
View All

Description Vincent Danen 2013-01-11 16:44:18 UTC

A NULL dereference was found in libssh 0.5.3's publickey_from_privatekey() function.  When a server using libssh receives a "Client: Key Exchange Init", the server sets up the session and tries to set the algorithms by matching what the user specified vs what is supported in crypt_set_algorithms_server().  If there is no match, it will lead to a NULL dereference when receiving the "Client: Diffie-Hellman Key Exchange Init" packet, which will cause the program using libssh to crash.

Comment 2 Andreas Schneider 2013-01-14 13:40:17 UTC

Created attachment 678235 [details]
Patch for CVE-2013-0176

Comment 4 Andreas Schneider 2013-01-22 15:22:43 UTC

http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/

Comment 5 Andreas Schneider 2013-01-22 15:24:57 UTC

Fedora bugs are created automatically?

Comment 6 Vincent Danen 2013-01-22 21:40:33 UTC

Created libssh tracking bugs for this issue

Affects: fedora-all [bug 902992]

Comment 7 Vincent Danen 2013-01-22 21:40:59 UTC

Sorry, no, I forgot about the time.  =(

Comment 8 Fedora Update System 2013-02-02 04:19:45 UTC

libssh-0.5.4-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-02-02 04:28:16 UTC

libssh-0.5.4-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.