Ubuntu update for libssh
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-6004 CVE-2023-6918 |
| CWE-ID | CWE-78 CWE-252 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system libssh-gcrypt-4 (Ubuntu package) Operating systems & Components / Operating system package or component libssh-4 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU84538
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6004
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.
Mitigation
Update the affected package libssh to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 18.04
libssh-gcrypt-4 (Ubuntu package): before Ubuntu Pro
libssh-4 (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6592-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Unchecked Return Value
EUVDB-ID: #VU84540
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6918
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libssh does not check for returned values of message digest (MD) operations in low memory conditions. A remote attacker can terminate the connection or force the library to use weak keys.
Update the affected package libssh to the latest version.
Vulnerable software versionsUbuntu: 16.04 - 18.04
libssh-gcrypt-4 (Ubuntu package): before Ubuntu Pro
libssh-4 (Ubuntu package): before Ubuntu Pro
External linkshttp://ubuntu.com/security/notices/USN-6592-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
