Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-0017HistoryMar 14, 2014 - 3:55 p.m.
CVE-2014-0017
2014-03-1415:55:05
Debian Security Bug Tracker
security-tracker.debian.org
15
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libssh | <Β 0.5.4-3 | libssh_0.5.4-3_all.deb |
| Debian | 11 | all | libssh | <Β 0.5.4-3 | libssh_0.5.4-3_all.deb |
| Debian | 999 | all | libssh | <Β 0.5.4-3 | libssh_0.5.4-3_all.deb |
| Debian | 13 | all | libssh | <Β 0.5.4-3 | libssh_0.5.4-3_all.deb |
Related
altlinux
altlinux
Security fix for the ALT Linux 8 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
Security fix for the ALT Linux 7 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
Security fix for the ALT Linux 9 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
gentoo
gentoo
LibSSH: Information disclosure
2014-08-10 00:00:00
nessus
nessus
GLSA-201408-03 : LibSSH: Information disclosure
2014-08-11 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : libssh vulnerability (USN-2145-1)
2014-03-13 00:00:00
openSUSE Security Update : libssh (openSUSE-SU-2014:0366-1)
2014-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: libssh-0.6.3-1.fc20
2014-03-07 06:38:59
[SECURITY] Fedora 19 Update: libssh-0.6.3-1.fc19
2014-03-15 15:21:52
[SECURITY] Fedora 20 Update: libssh-0.6.4-1.fc20
2015-01-03 19:10:54
debian
debian
[SECURITY] [DSA 2879-1] libssh security update
2014-03-13 21:54:28
openvas
openvas
Fedora Update for libssh FEDORA-2014-3473
2014-03-12 00:00:00
Ubuntu: Security Advisory (USN-2145-1)
2014-03-17 00:00:00
Fedora Update for libssh FEDORA-2014-3473
2014-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-0017
2014-03-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-03-14 15:55:00
freebsd
freebsd
libssh -- PRNG state reuse on forking servers
2014-03-05 00:00:00
securityvulns
securityvulns
libssh PRNG attacks
2014-03-13 00:00:00
[USN-2145-1] libssh vulnerability
2014-03-13 00:00:00
ubuntu
ubuntu
libssh vulnerability
2014-03-12 00:00:00
seebug
seebug
LibsshιζΊε·η ηζε¨ζΌζ΄(CVE-2014-0017)
2014-03-07 00:00:00
mageia
mageia
Updated libssh package fixes security vulnerability
2014-03-06 03:17:12
nvd
nvd
CVE-2014-0017
2014-03-14 15:55:05
cve
cve
CVE-2014-0017
2014-03-14 15:55:05
osv
osv
libssh - security update
2014-03-13 00:00:00
cvelist
cvelist
CVE-2014-0017
2014-03-14 15:00:00
slackware
slackware
[slackware-security] libssh
2015-04-22 01:20:42
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Related for DEBIANCVE:CVE-2014-0017