Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 711308 (CVE-2017-18594) - <net-analyzer/nmap-7.80: denial of service condition due to a double free when SSH connection fails (CVE-2017-18594)
Summary: <net-analyzer/nmap-7.80: denial of service condition due to a double free whe...
Status: RESOLVED FIXED
Alias: CVE-2017-18594
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://seclists.org/nmap-dev/2018/q2/45
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-02 11:37 UTC by Sam James (sec padawan)
Modified: 2020-03-25 19:16 UTC (History)
1 user (show)

See Also:
Package list:
net-analyzer/nmap-7.80-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James (sec padawan) 2020-03-02 11:37:44 UTC
Description:
"nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse."

Patch: https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad
Comment 1 Agostino Sarubbo gentoo-dev 2020-03-15 18:26:30 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-15 18:28:04 UTC
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-15 18:29:28 UTC
ia64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-15 18:32:10 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-15 18:34:49 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-15 18:37:10 UTC
sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-15 18:43:32 UTC
x86 stable
Comment 8 Rolf Eike Beer 2020-03-17 18:29:25 UTC
hppa stable
Comment 9 Sam James (sec padawan) 2020-03-18 15:41:05 UTC
@maintainer(s), please cleanup!
Comment 10 Larry the Git Cow gentoo-dev 2020-03-25 19:15:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a61b415291233346e34da87702c2c3c292d3bdf

commit 2a61b415291233346e34da87702c2c3c292d3bdf
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 19:15:14 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 19:15:14 +0000

    net-analyzer/nmap: security cleanup (bug #711308)
    
    Bug: https://bugs.gentoo.org/711308
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-analyzer/nmap/Manifest            |   1 -
 net-analyzer/nmap/nmap-7.70-r1.ebuild | 195 ----------------------------------
 2 files changed, 196 deletions(-)
Comment 11 Thomas Deutschmann gentoo-dev Security 2020-03-25 19:16:07 UTC
GLSA Vote: No

Repository is clean, all done!