Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 444147 (CVE-2012-4559) - <net-libs/libssh-0.5.3 : multiple vulnerabilities (CVE-2012-{4559,4560,4561,4562,6063})
Summary: <net-libs/libssh-0.5.3 : multiple vulnerabilities (CVE-2012-{4559,4560,4561,4...
Status: RESOLVED FIXED
Alias: CVE-2012-4559
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-21 11:12 UTC by Agostino Sarubbo
Modified: 2014-02-21 16:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-11-21 11:12:01 UTC
From http://www.openwall.com/lists/oss-security/2012/11/20/3 :

As reported to distros@ on 20121114:

A number of flaws were found in libssh prior to 0.5.3 by Xi Wang and Florian
Weimer of the Red Hat Product Security Team:

CVE-2012-4559: multiple double free() flaws
CVE-2012-4560: multiple buffer overflow flaws
CVE-2012-4561: multiple invalid free() flaws
CVE-2012-4562: multiple improper overflow checks

http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4559
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4560
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4561
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4562

Patches for the flaws are attached to the bugs in our bugzilla.
Comment 1 Tim Harder gentoo-dev 2012-11-24 22:51:30 UTC
0.5.3 added to CVS. Feel free to start the stabilization process.
Comment 2 Sergey Popov gentoo-dev 2012-11-25 10:17:34 UTC
Arches, please test and mark stable =net-libs/libssh-0.5.3

Target keywords: amd64 ppc ppc64 x86
Comment 3 Agostino Sarubbo gentoo-dev 2012-11-25 10:54:43 UTC
amd64 stable
Comment 4 Dan Dexter 2012-11-25 22:44:18 UTC
Archtested on x86: Everything OK.
- Package compiles with all USE-flags combinations and all 9 tests in the test phase pass.
- Rdeps successfully compile and link against =net-libs/libssh-0.5.3
- Repoman reports no warnings.
- Verified functionality of libssh by using net-analyzer/hydra, no discrepancies found.
Comment 5 Agostino Sarubbo gentoo-dev 2012-11-29 16:59:55 UTC
ppc stable
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-12-01 13:54:53 UTC
CVE-2012-6063 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6063):
  Double free vulnerability in the sftp_mkdir function in sftp.c in libssh
  before 0.5.3 allows remote attackers to cause a denial of service (crash)
  and possibly execute arbitrary code via unspecified vectors, a different
  vector than CVE-2012-4559.

CVE-2012-4562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4562):
  Multiple integer overflows in libssh before 0.5.3 allow remote attackers to
  cause a denial of service (infinite loop or crash) and possibly execute
  arbitrary code via unspecified vectors, which triggers a buffer overflow,
  infinite loop, or possibly some other unspecified vulnerabilities.

CVE-2012-4561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4561):
  The (1) publickey_make_dss, (2) publickey_make_rsa, (3)
  signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id
  functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an
  error path," which might allow remote attackers cause a denial of service
  (crash) via unspecified vectors.

CVE-2012-4560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4560):
  Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to
  cause a denial of service (crash) or possibly execute arbitrary code via
  unspecified vectors.

CVE-2012-4559 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4559):
  Multiple double free vulnerabilities in the (1) agent_sign_data function in
  agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey
  function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5)
  try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via unspecified vectors.
Comment 7 Anthony Basile gentoo-dev 2012-12-01 16:39:58 UTC
stable ppc64
Comment 8 Andreas Schürch gentoo-dev 2012-12-03 11:16:01 UTC
x86 done, Thanks Dan Dexter for testing.
Last arch!
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-03 11:59:43 UTC
Thanks, everyone.

GLSA draft ready.
Comment 10 Andreas K. Hüttel gentoo-dev 2013-03-06 12:03:45 UTC
Nothing to do for kde here anymore.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-02-21 16:11:37 UTC
This issue was resolved and addressed in
 GLSA 201402-26 at http://security.gentoo.org/glsa/glsa-201402-26.xml
by GLSA coordinator Chris Reffett (creffett).