Bug 1148742 – VUL-0: CVE-2017-18594: nmap: nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse

Bug 1148742 - (CVE-2017-18594) VUL-0: CVE-2017-18594: nmap: nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse

(CVE-2017-18594)
Summary:	VUL-0: CVE-2017-18594: nmap: nse_libssh2.cc in Nmap 7.70 is subject to a deni...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/241408/
Whiteboard:	CVSSv3:SUSE:CVE-2017-18594:6.5:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-08-29 10:00 UTC by Wolfgang Frisch
Modified:	2020-07-09 14:32 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
nmap-CVE-2017-18594.patch (1.11 KB, patch) 2019-08-29 10:59 UTC, Wolfgang Frisch	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2019-08-29 10:00:31 UTC

CVE-2017-18594

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a
double free when an SSH connection fails, as demonstrated by a leading \n
character to ssh-brute.nse or ssh-auth-methods.nse.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18594
https://github.com/nmap/nmap/issues/1227
https://github.com/nmap/nmap/issues/1077
https://seclists.org/nmap-dev/2018/q2/45
https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF
https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad
https://seclists.org/nmap-announce/2019/0

Comment 1 Wolfgang Frisch 2019-08-29 10:58:10 UTC

Not affected (nse_libssh2 does not exist yet):
SUSE:SLE-10-SP3:Update 
SUSE:SLE-11:Update
SUSE:SLE-12:Update

Affected:
SUSE:SLE-15:Update

Comment 2 Wolfgang Frisch 2019-08-29 10:59:29 UTC

Created attachment 816229 [details]
nmap-CVE-2017-18594.patch

This upstream patch applies cleanly to SUSE:SLE-15:Update.

Comment 3 Kristyna Streitova 2019-09-18 15:57:02 UTC

Submitted to SLE15 via mr#201113.
openSUSE:Factory is not affected.

Reassigning it back to the security team.

Comment 5 Swamp Workflow Management 2019-09-20 22:11:02 UTC

SUSE-SU-2019:2425-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1135350,1148742
CVE References: CVE-2017-18594,CVE-2018-15173
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    nmap-7.70-3.12.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    nmap-7.70-3.12.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    nmap-7.70-3.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    nmap-7.70-3.12.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    nmap-7.70-3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Swamp Workflow Management 2019-09-26 10:11:17 UTC

openSUSE-SU-2019:2198-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1135350,1148742
CVE References: CVE-2017-18594,CVE-2018-15173
Sources used:
openSUSE Leap 15.0 (src):    nmap-7.70-lp150.2.9.1

Comment 7 Swamp Workflow Management 2019-09-26 10:12:47 UTC

openSUSE-SU-2019:2200-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1135350,1148742
CVE References: CVE-2017-18594,CVE-2018-15173
Sources used:
openSUSE Leap 15.1 (src):    nmap-7.70-lp151.3.9.1

Comment 8 Swamp Workflow Management 2020-07-08 13:20:20 UTC

SUSE-SU-2019:2425-2: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1135350,1148742
CVE References: CVE-2017-18594,CVE-2018-15173
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    nmap-7.70-3.12.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    nmap-7.70-3.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    nmap-7.70-3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Alexandros Toptsoglou 2020-07-09 14:32:59 UTC

Done