ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0119
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0119)
Resumen:	The remote host is missing an update for the 'libssh' package(s) announced via the MGASA-2014-0119 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libssh' package(s) announced via the MGASA-2014-0119 advisory. Vulnerability Insight: When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RAND_bytes() function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique. The most important consequence is that servers using EC (ECDSA) or DSA certificates may under certain conditions leak their private key (CVE-2014-0017). Affected Software/OS: 'libssh' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0017 57407 http://secunia.com/advisories/57407 DSA-2879 http://www.debian.org/security/2014/dsa-2879 USN-2145-1 http://www.ubuntu.com/usn/USN-2145-1 [oss-security] 20140305 libssh and stunnel PRNG flaws http://www.openwall.com/lists/oss-security/2014/03/05/1 http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/ https://bugzilla.redhat.com/show_bug.cgi?id=1072191 openSUSE-SU-2014:0366 http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html openSUSE-SU-2014:0370 http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.