FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
These are the vulnerabilities relating to the commit you have selected:
|1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f||libssh -- Unsanitized location in scp could lead to unwanted command execution|
The libssh team reports:
In an environment where a user is only allowed to copy files and
not to execute applications, it would be possible to pass a location
which contains commands to be executed in addition.
When the libssh SCP client connects to a server, the scp
command, which includes a user-provided path, is executed
on the server-side. In case the library is used in a way
where users can influence the third parameter of
ssh_scp_new(), it would become possible for an attacker to
inject arbitrary commands, leading to a compromise of the
ge 0.4.0 lt 0.8.8
ge 0.9.0 lt 0.9.3
|2383767c-d224-11e8-9623-a4badb2f4699||libssh -- authentication bypass vulnerability|
libssh versions 0.6 and above have an authentication bypass
vulnerability in the server code. By presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message in place of the
SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
initiate authentication, the attacker could successfully authenticate
without any credentials.
ge 0.6 lt 0.7.6
ge 0.8 lt 0.8.4
|f8c88d50-5fb3-11e4-81bd-5453ed2e2b49||libssh -- PRNG state reuse on forking servers|
Aris Adamantiadis reports:
When accepting a new connection, the server forks and the
child process handles the request. The RAND_bytes() function
of openssl doesn't reset its state after the fork, but
simply adds the current process id (getpid) to the PRNG
state, which is not guaranteed to be unique.
|6b3591ea-e2d2-11e5-a6be-5453ed2e2b49||libssh -- weak Diffie-Hellman secret generation|
Andreas Schneider reports:
libssh versions 0.1 and above have a bits/bytes confusion bug and
generate an abnormally short ephemeral secret for the
diffie-hellman-group1 and diffie-hellman-group14 key exchange
methods. The resulting secret is 128 bits long, instead of the
recommended sizes of 1024 and 2048 bits respectively. There are
practical algorithms (Baby steps/Giant steps, Pollard's rho) that can
solve this problem in O(2^63) operations.
Both client and server are vulnerable, pre-authentication.
This vulnerability could be exploited by an eavesdropper with enough
resources to decrypt or intercept SSH sessions. The bug was found
during an internal code review by Aris Adamantiadis of the libssh
|0b040e24-f751-11e4-b24d-5453ed2e2b49||libssh -- null pointer dereference|
Andreas Schneider reports:
libssh versions 0.5.1 and above have a logical error in the
handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A
detected error did not set the session into the error state
correctly and further processed the packet which leads to a null
pointer dereference. This is the packet after the initial key
exchange and doesn't require authentication.
This could be used for a Denial of Service (DoS) attack.