Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0176

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-0176
Last Modified 07 Feb 2013 12:00:00
Published 05 Feb 2013 06:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0176

Summary

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Vulnerable Systems

Application

  • Libssh 0.4.7

  • Libssh 0.4.8

  • Libssh 0.5.0

  • Libssh 0.5.1

  • Libssh 0.5.2

  • Libssh 0.5.3


References

XF - libssh-publickeyfromprivatekey-dos(81595)

UBUNTU - USN-1707-1

CONFIRM - http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/

SECUNIA - 51982

FEDORA - FEDORA-2013-1407

FEDORA - FEDORA-2013-1422


Last Updated: 27 May 2016 10:49:53