GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Mar 15, 2020 7:26 pm Post subject: [ GLSA 202003-27 ] libssh |
 |
|
Gentoo Linux Security Advisory
Title: libssh: Arbitrary command execution (GLSA 202003-27)
Severity: normal
Exploitable: remote
Date: 2020-03-15
Bug(s): #701598
ID: 202003-27
Synopsis
A vulnerability in libssh could allow a remote attacker to execute
arbitrary commands.
Background
libssh is a multiplatform C library implementing the SSHv2 protocol on
client and server side.
Affected Packages
Package: net-libs/libssh
Vulnerable: < 0.9.3
Unaffected: >= 0.9.3
Architectures: All supported architectures
Description
It was discovered that libssh incorrectly handled certain scp commands.
Impact
A remote attacker could trick a victim into using a specially crafted
scp command, possibly resulting in the execution of arbitrary commands on
the server.
Workaround
There is no known workaround at this time.
Resolution
All libssh users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libssh-0.9.3"
|
References
CVE-2019-14889 |
|
News & Announcements
