Bug 1128492 - (CVE-2019-3862) VUL-0: CVE-2019-3862: libssh2_org: Out-of-bounds memory comparison with specially crafted message channel request SSH packet
(CVE-2019-3862)
VUL-0: CVE-2019-3862: libssh2_org: Out-of-bounds memory comparison with speci...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/225979/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-08 11:06 UTC by Karol Babioch
Modified: 2019-07-11 06:55 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2019-03-08 11:06:34 UTC
Out-of-bounds memory comparison with specially crafted message channel request
SSH packet

=======================================

Project libssh2 Security Advisory, <date> -
[Permalink](<link>)

VULNERABILITY
-------------

A server could send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an
exit status message and no payload. This would result in an out of bounds
memory comparison (CWE-130).

There are no known exploits of this flaw at this time.

INFO
----

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
<assigned CVE> to this issue.

AFFECTED VERSIONS
-----------------

- Affected versions: versions 0.11 up to and including 1.8.0
- Not affected versions: libssh2 >= 1.8.1

THE SOLUTION
------------

libssh2 1.8.1 ensures the length of the packet is greater or equal to the value
being compared before calling memcmp().

A patch for this problem is available at:

    <patch URL>

RECOMMENDATIONS
---------------

We suggest you take one of the following actions immediately, in order of
preference:

A - Upgrade to libssh2 1.8.1 or later

B - Apply the patch and rebuild libssh2

TIME LINE
---------

It was first reported to the libssh2 project on Dec 3 2018 by Chris Coulson.

libssh2 1.8.1 was released on <date>, coordinated with the
publication of this advisory.

CREDITS
-------

Reported by Chris Coulson of Canonical Ltd.
Comment 2 Karol Babioch 2019-03-08 11:07:01 UTC
URL: https://libssh2.org/9/9.txt
CRD: 2019-03-13
Comment 8 Swamp Workflow Management 2019-03-20 13:18:20 UTC
SUSE-SU-2019:13982-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libssh2_org-1.4.3-17.3.1
SUSE Linux Enterprise Server 11-SP4 (src):    libssh2_org-1.4.3-17.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libssh2_org-1.4.3-17.3.1
Comment 9 Swamp Workflow Management 2019-03-20 14:12:56 UTC
SUSE-SU-2019:0655-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
SUSE OpenStack Cloud 7 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP4 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Server 12-LTSS (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    libssh2_org-1.4.3-20.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libssh2_org-1.4.3-20.3.1
SUSE Enterprise Storage 4 (src):    libssh2_org-1.4.3-20.3.1
SUSE CaaS Platform ALL (src):    libssh2_org-1.4.3-20.3.1
SUSE CaaS Platform 3.0 (src):    libssh2_org-1.4.3-20.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    libssh2_org-1.4.3-20.3.1
Comment 12 Swamp Workflow Management 2019-03-28 20:11:02 UTC
openSUSE-SU-2019:1075-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
openSUSE Leap 42.3 (src):    libssh2_org-1.4.3-19.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-03-29 23:17:38 UTC
SUSE-SU-2019:13997-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libssh2_org-1.2.9-4.2.12.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libssh2_org-1.2.9-4.2.12.5.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-04-02 16:15:09 UTC
openSUSE-SU-2019:1109-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493
CVE References: CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
Sources used:
openSUSE Leap 15.0 (src):    libssh2_org-1.8.0-lp150.3.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 17 Marcus Meissner 2019-07-11 06:55:49 UTC
done