711308 – (CVE-2017-18594) <net-analyzer/nmap-7.80: denial of service condition due to a double free when SSH connection fails (CVE-2017-18594)

Bug 711308 (CVE-2017-18594) - <net-analyzer/nmap-7.80: denial of service condition due to a double free when SSH connection fails (CVE-2017-18594)

Summary: <net-analyzer/nmap-7.80: denial of service condition due to a double free whe...

Status:	RESOLVED FIXED

Alias:	CVE-2017-18594

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://seclists.org/nmap-dev/2018/q2/45
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-03-02 11:37 UTC by Sam James
Modified:	2020-03-25 19:16 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	net-analyzer/nmap-7.80-r1
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-03-02 11:37:44 UTC

Description:
"nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse."

Patch: https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad

Comment 1 Agostino Sarubbo gentoo-dev

2020-03-15 18:26:30 UTC

amd64 stable

Comment 2 Agostino Sarubbo gentoo-dev

2020-03-15 18:28:04 UTC

arm stable

Comment 3 Agostino Sarubbo gentoo-dev

2020-03-15 18:29:28 UTC

ia64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2020-03-15 18:32:10 UTC

ppc stable

Comment 5 Agostino Sarubbo gentoo-dev

2020-03-15 18:34:49 UTC

ppc64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2020-03-15 18:37:10 UTC

sparc stable

Comment 7 Agostino Sarubbo gentoo-dev

2020-03-15 18:43:32 UTC

x86 stable

Comment 8 Rolf Eike Beer archtester

2020-03-17 18:29:25 UTC

hppa stable

Comment 9 Sam James archtester

2020-03-18 15:41:05 UTC

@maintainer(s), please cleanup!

Comment 10 Larry the Git Cow gentoo-dev

2020-03-25 19:15:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a61b415291233346e34da87702c2c3c292d3bdf

commit 2a61b415291233346e34da87702c2c3c292d3bdf
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 19:15:14 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 19:15:14 +0000

    net-analyzer/nmap: security cleanup (bug #711308)
    
    Bug: https://bugs.gentoo.org/711308
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-analyzer/nmap/Manifest            |   1 -
 net-analyzer/nmap/nmap-7.70-r1.ebuild | 195 ----------------------------------
 2 files changed, 196 deletions(-)

Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-25 19:16:07 UTC

GLSA Vote: No

Repository is clean, all done!