Bug 1128493 - (CVE-2019-3863) VUL-0: CVE-2019-3863: libssh2_org: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes with specially crafted keyboard responses
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
https://smash.suse.de/issue/225980/
Reported: 2019-03-08 11:07 UTC by Karol Babioch
Modified: 2019-05-22 00:48 UTC (History)
Description Karol Babioch 2019-03-08 11:07:53 UTC
Integer overflow in user authenticate keyboard interactive allows out-of-bounds
writes with specially crafted keyboard responses

=======================================

Project libssh2 Security Advisory, <date> -
[Permalink](<link>)

VULNERABILITY
-------------

A server could send multiple keyboard interactive response messages whose
total length is greater than unsigned char max characters. This value is
used as an index to copy memory, causing an out-of-bounds memory write error
(CWE-130).

There are no known exploits of this flaw at this time.

INFO
----

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
<assigned CVE> to this issue.

AFFECTED VERSIONS
-----------------

- Affected versions: versions 0.1 up to and including 1.8.0
- Not affected versions: libssh2 >= 1.8.1

THE SOLUTION
------------

libssh2 1.8.1 ensures the current memory index value plus the length of the
response message will fit into the memory buffer before copying the value and
incrementing the index value.

A patch for this problem is available at:

    <patch URL>

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade to libssh2 1.8.1 or later

B - Apply the patch and rebuild libssh2

TIME LINE
---------

It was first reported to the libssh2 project on Dec 3 2018 by Chris Coulson.

libssh2 1.8.1 was released on <date>, coordinated with the
publication of this advisory.

CREDITS
-------

Reported by Chris Coulson of Canonical Ltd.
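
Added example, not part of the original report, the libssh2 advisory or the libssh2 source: the check described under THE SOLUTION (index plus response length must fit in the buffer before copying), shown beside the wrapping form of the same test. The struct, the function names, the 32-bit index width and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical response accumulator; names are illustrative, not libssh2's. */
struct resp_buf {
    unsigned char *data; /* destination buffer */
    uint32_t cap;        /* allocated size of data */
    uint32_t used;       /* current write index */
};

/* Flawed pattern: index + length is summed in a fixed-width unsigned type,
 * so a large len wraps around and the comparison passes. */
int fits_naive(uint32_t used, uint32_t len, uint32_t cap)
{
    return (uint32_t)(used + len) <= cap;
}

/* Checked pattern: compare len with the space left; no sum, so no wrap. */
int fits_checked(uint32_t used, uint32_t len, uint32_t cap)
{
    return used <= cap && len <= cap - used;
}

/* Copy one response only after the checked test passes, then advance the
 * index. Returns 0 on success, -1 if the response is rejected. */
int resp_append(struct resp_buf *b, const unsigned char *resp, uint32_t len)
{
    if (!fits_checked(b->used, len, b->cap))
        return -1;
    memcpy(b->data + b->used, resp, len);
    b->used += len;
    return 0;
}

int main(void)
{
    unsigned char storage[64];
    struct resp_buf b = { storage, sizeof storage, 0 };
    const unsigned char answer[] = "constructed-response"; /* constructed, 20 bytes */
    uint32_t huge = 0xFFFFFFF8u; /* constructed oversized length field */

    printf("naive=%d checked=%d\n", fits_naive(16, huge, 64), fits_checked(16, huge, 64));
    for (int i = 0; i < 4; i++) { /* three 20-byte responses fit in 64, the fourth does not */
        int rc = resp_append(&b, answer, sizeof answer - 1);
        printf("append %d -> %d (used=%u)\n", i, rc, (unsigned)b.used);
    }
    return 0;
}
```

The rejected append leaves the index unchanged, so later messages are still measured against the real remaining space.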
Comment 2 Karol Babioch 2019-03-08 11:08:36 UTC
CRD: 2019-03-13
URL: https://libssh2.org/9/10.txt
Comment 7 Karol Babioch 2019-03-19 06:07:58 UTC
Making public.
Comment 9 Swamp Workflow Management 2019-03-20 13:18:28 UTC
SUSE-SU-2019:13982-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libssh2_org-1.4.3-17.3.1
SUSE Linux Enterprise Server 11-SP4 (src):    libssh2_org-1.4.3-17.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libssh2_org-1.4.3-17.3.1
Comment 10 Swamp Workflow Management 2019-03-20 14:13:03 UTC
SUSE-SU-2019:0655-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
SUSE OpenStack Cloud 7 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP4 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-LTSS (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libssh2_org-1.4.3-20.3.1
SUSE Enterprise Storage 4 (src):    libssh2_org-1.4.3-20.3.1
SUSE CaaS Platform ALL (src):    libssh2_org-1.4.3-20.3.1
SUSE CaaS Platform 3.0 (src):    libssh2_org-1.4.3-20.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    libssh2_org-1.4.3-20.3.1
Comment 13 Swamp Workflow Management 2019-03-28 20:11:09 UTC
openSUSE-SU-2019:1075-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
openSUSE Leap 42.3 (src):    libssh2_org-1.4.3-19.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-03-29 23:17:45 UTC
SUSE-SU-2019:13997-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libssh2_org-1.2.9-4.2.12.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libssh2_org-1.2.9-4.2.12.5.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-04-02 16:15:16 UTC
openSUSE-SU-2019:1109-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
openSUSE Leap 15.0 (src):    libssh2_org-1.8.0-lp150.3.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 16 Marcus Meissner 2019-05-09 05:42:23 UTC
released