FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0b040e24-f751-11e4-b24d-5453ed2e2b49libssh -- null pointer dereference

Andreas Schneider reports:

libssh versions 0.5.1 and above have a logical error in the handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a null pointer dereference. This is the packet after the initial key exchange and doesn’t require authentication.

This could be used for a Denial of Service (DoS) attack.

Discovery 2015-04-30
Entry 2015-05-10
lt 0.6.5

2383767c-d224-11e8-9623-a4badb2f4699libssh -- authentication bypass vulnerability

gladiac reports:

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

Discovery 2018-10-16
Entry 2018-10-17
ge 0.6 lt 0.7.6

ge 0.8 lt 0.8.4
6b3591ea-e2d2-11e5-a6be-5453ed2e2b49libssh -- weak Diffie-Hellman secret generation

Andreas Schneider reports:

libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There are practical algorithms (Baby steps/Giant steps, Pollard’s rho) that can solve this problem in O(2^63) operations.

Both client and server are are vulnerable, pre-authentication. This vulnerability could be exploited by an eavesdropper with enough resources to decrypt or intercept SSH sessions. The bug was found during an internal code review by Aris Adamantiadis of the libssh team.

Discovery 2016-02-23
Entry 2016-03-05
lt 0.7.3

1e7fa41b-f6ca-4fe8-bd46-0e176b42b14flibssh -- Unsanitized location in scp could lead to unwanted command execution

The libssh team reports:

In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in additon.

When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of ssh_scp_new(), it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Discovery 2019-11-14
Entry 2020-02-02
ge 0.4.0 lt 0.8.8

ge 0.9.0 lt 0.9.3