[Git][security-tracker-team/security-tracker][master] CVE-2023-2283/libssh [buster] vulnerable code introduced later.
Tobias Frost (@tobi)
tobi at debian.org
Sun May 21 14:56:15 BST 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60062332 by Tobias Frost at 2023-05-21T15:56:01+02:00
CVE-2023-2283/libssh [buster] vulnerable code introduced later.
Vulnerablity is in function pki_verify_data_signature and explained in [1]
Commit that introduces vulnerable function:
https://git.libssh.org/projects/libssh.git/commit/?id=fd94465
Commit that starts using the function:
https://git.libssh.org/projects/libssh.git/commit/?id=db51fa1
git tag --contains fd94465 shows that this commit no earlier than 0.9.0 part of any release.
The implementation present in buster, 0.8.7, does not have the refactoring
and errors out correctly with return SSH_ERROR in the verify functiob pki_signature_verify
that will in a later version call the vulnearble pki_verify_data_signature().
[1] https://www.libssh.org/security/advisories/CVE-2023-2283.txt
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1653,9 +1653,11 @@ CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <
CVE-2023-2283 [Authorization bypass in pki_verify_data_signature]
RESERVED
- libssh 0.10.5-1 (bug #1035832)
+ [buster] - libssh <not-affected> (Vulnerable code introduced later)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt
NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5)
NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5)
+ NOTE: Commit https://git.libssh.org/projects/libssh.git/commit/?id=fd94465 introduces vulnerable function (libssh-0.9.0)
CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...)
NOT-FOR-US: Devolutions
CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60062332c17f97333c483413f0240c2aa2b88e61
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60062332c17f97333c483413f0240c2aa2b88e61
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230521/17fb32db/attachment.htm>
More information about the debian-security-tracker-commits
mailing list