Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2022-01073

Опубликовано: 31 авг. 2021
Источник: fstec
CVSS3: 6.5
CVSS2: 6.8
EPSS Низкий

Описание

Уязвимость библиотеки libssh связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Вендор

Сообщество свободного программного обеспечения
Red Hat Inc.
Canonical Ltd.
Fedora Project
АО «ИВК»
АО "НППКТ"
IBM Corp.

Наименование ПО

Debian GNU/Linux
Red Hat Enterprise Linux
Ubuntu
libssh
Fedora
Альт 8 СП
ОСОН ОСнова Оnyx
IBM Robotic Process Automation

Версия ПО

9 (Debian GNU/Linux)
8 (Red Hat Enterprise Linux)
10 (Debian GNU/Linux)
20.04 (Ubuntu)
до 0.9.4 (libssh)
33 (Fedora)
34 (Fedora)
11 (Debian GNU/Linux)
35 (Fedora)
21.10 (Ubuntu)
- (Альт 8 СП)
до 2.5 (ОСОН ОСнова Оnyx)
до 21.0.3 (IBM Robotic Process Automation)

Тип ПО

Операционная система
Сетевое программное средство
Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

Сообщество свободного программного обеспечения Debian GNU/Linux 9
Red Hat Inc. Red Hat Enterprise Linux 8
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Canonical Ltd. Ubuntu 20.04
Fedora Project Fedora 33
Fedora Project Fedora 34
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Fedora Project Fedora 35
Canonical Ltd. Ubuntu 21.10
АО «ИВК» Альт 8 СП -

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Средний уровень опасности (базовая оценка CVSS 3.1 составляет 6,5)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для libssh:
Обновление программного обеспечения до версии 0.9.6 и выше
Для Debian GNU/Linux:
https://www.debian.org/security/2021/dsa-4965
Для программных продуктов Red Hat Inc.:
https://bugzilla.redhat.com/show_bug.cgi?id=1978810
Для Ubuntu:
https://ubuntu.com/security/CVE-2021-3634
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
Для программных продуктов IBM Corp.:
https://www.ibm.com/support/pages/node/6615217
Для ОСОН Основа:
Обновление программного обеспечения libssh до версии 0.9.5-1+deb11u1
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 30%
0.00108
Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2021-3634

CVSS3: 6.5
ubuntu
почти 4 года назад

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

redhat логотип

CVE-2021-3634

CVSS3: 3.5
redhat
почти 4 года назад

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

nvd логотип

CVE-2021-3634

CVSS3: 6.5
nvd
почти 4 года назад

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

debian логотип

CVE-2021-3634

CVSS3: 6.5
debian
почти 4 года назад

A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...

rocky логотип

RLSA-2022:2031

rocky
около 3 лет назад

Low: libssh security, bug fix, and enhancement update

EPSS

Процентиль: 30%
0.00108
Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2