[arch-security] [ASA-201602-18] libssh: man-in-the-middle
Remi Gacogne
rgacogne at archlinux.org
Tue Feb 23 20:29:23 UTC 2016
Arch Linux Security Advisory ASA-201602-18
==========================================
Severity: High
Date : 2016-02-23
CVE-ID : CVE-2016-0739
Package : libssh
Type : man-in-the-middle
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package libssh before version 0.7.3-1 is vulnerable to
man-in-the-middle.
Resolution
==========
Upgrade to 0.7.3-1.
# pacman -Syu "libssh>=0.7.3-1"
The problem has been fixed upstream in version 0.7.3.
Workaround
==========
This issue may be worked around by using other key exchange methods,
such as curve25519-sha256 at libssh.org or ecdh-sha2-nistp256, both are not
vulnerable. By default, an unpatched libssh implementation will already
attempt to use these two more secure methods when supported by the other
party.
Description
===========
libssh versions 0.1 and above have a bits/bytes confusion bug and
generate the an anormaly short ephemeral secret for the
diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended sizes
of 1024 and 2048 bits respectively. There are practical algorithms (Baby
steps/Giant steps, Pollard’s rho) that can solve this problem in O(2^63)
operations.
Both client and server are are vulnerable, pre-authentication. This
vulnerability could be exploited by an eavesdropper with enough
resources to decrypt or intercept SSH sessions. The bug was found during
an internal code review by Aris Adamantiadis of the libssh team.
Impact
======
A remote attacker can use this flaw to decrypt or intercept SSH sessions.
References
==========
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
https://access.redhat.com/security/cve/CVE-2016-0739
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160223/11e39819/attachment.asc>
More information about the arch-security
mailing list