SB2016022415 - Information disclosure in libssh2 (Alpine package)
Published: February 24, 2016
Security Bulletin ID
SB2016022415
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-0787)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=f22202d45a51e00f49f00bbffe188d60c527c3d8
- https://git.alpinelinux.org/aports/commit/?id=172d419b0e074112384b90baca96f8494e026a72
- https://git.alpinelinux.org/aports/commit/?id=3bf1d9071528d84001ffc0f7565000af2c20023b
- https://git.alpinelinux.org/aports/commit/?id=688a2e4d988804f9f34688392292719f005228b5
- https://git.alpinelinux.org/aports/commit/?id=c4c2b245a1141cec029d5c70e6445c3428346bdc