libssh [buster] vulnerable code introduced later.

Tobias Frost (@tobi) Sun, 21 May 2023 06:56:24 -0700


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
60062332 by Tobias Frost at 2023-05-21T15:56:01+02:00
CVE-2023-2283/libssh [buster] vulnerable code introduced later.

Vulnerablity is in function pki_verify_data_signature and explained in [1]

Commit that introduces vulnerable function:
https://git.libssh.org/projects/libssh.git/commit/?id=fd94465

Commit that starts using the function:
https://git.libssh.org/projects/libssh.git/commit/?id=db51fa1

git tag --contains fd94465 shows that this commit no earlier than 0.9.0 part of 
any release.

The implementation present in buster, 0.8.7, does not have the refactoring
and errors out correctly with return SSH_ERROR in the verify functiob 
pki_signature_verify
that will in a later version call the vulnearble pki_verify_data_signature().

[1] https://www.libssh.org/security/advisories/CVE-2023-2283.txt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1653,9 +1653,11 @@ CVE-2023-31207 (Transmission of credentials within query 
parameters in Checkmk <
 CVE-2023-2283 [Authorization bypass in pki_verify_data_signature]
        RESERVED
        - libssh 0.10.5-1 (bug #1035832)
+       [buster] - libssh <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt
        NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d
 (libssh-0.10.5)
        NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d
 (libssh-0.10.5)
+       NOTE: Commit 
https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 introduces 
vulnerable function (libssh-0.9.0)
 CVE-2023-2282 (Improper access control in the Web Login listener in 
Devolutions Remot ...)
        NOT-FOR-US: Devolutions
 CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related 
Websoc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60062332c17f97333c483413f0240c2aa2b88e61

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60062332c17f97333c483413f0240c2aa2b88e61
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2023-2283/libssh [buster] vulnerable code introduced later.

Reply via email to