製品・ソフトウェアに関する情報

JVN脆弱性詳細

libssh の package_cb.c におけるサービス運用妨害 (DoS) の脆弱性

Title	libssh の package_cb.c におけるサービス運用妨害 (DoS) の脆弱性
Summary	libssh の package_cb.c の (1) SSH_MSG_NEWKEYS および (2) SSH_MSG_KEXDH_REPLY パケットハンドラは、ステートを適切に検証しないため、サービス運用妨害 (NULL ポインタデリファレンスおよびクラッシュ) 状態にされる脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-476: NULL Pointer Dereference (NULL ポインタデリファレンス) と識別されています。 http://cwe.mitre.org/data/definitions/476.html
Possible impacts	第三者により、巧妙に細工された SSH パケットを介して、サービス運用妨害 (NULL ポインタデリファレンスおよびクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 30, 2015, midnight
Registration Date	April 21, 2016, 4 p.m.
Last Update	April 21, 2016, 4 p.m.

Affected System

Debian

Debian GNU/Linux 7.0

Debian GNU/Linux 8.0

Fedora Project

Fedora 21

Fedora 22

Canonical

Ubuntu 12.04 LTS

Ubuntu 14.04 LTS

Ubuntu 15.10

libssh

libssh 0.6.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-3146	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3146
libssh
2	CVE-2015-3146: Fix state validation in packet handlers	https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f
National Vulnerability Database (NVD)
3	CVE-2015-3146	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3146

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-3488	https://www.debian.org/security/2016/dsa-3488
Fedora Update Notification
2	FEDORA-2015-10962	https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html
3	FEDORA-2015-7590	https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html
libssh
4	libssh 0.6.5 (Security and bugfix release)	https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
5	Null pointer dereference in NEWKEYS + KEXDH_REPLY packet	https://www.libssh.org/security/advisories/CVE-2015-3146.txt
Ubuntu Security Notice
6	USN-2912-1	http://www.ubuntu.com/usn/USN-2912-1/

Change Log

No	Changed Details	Date of change
0	[2016年04月21日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-3146

Summary	The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
Publication Date	April 14, 2016, 2:59 a.m.
Registration Date	Jan. 26, 2021, 2:49 p.m.
Last Update	Nov. 21, 2024, 11:28 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:libssh:libssh::::::::			0.6.4

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html
3	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html
4	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html
5	http://www.debian.org/security/2016/dsa-3488
6	http://www.debian.org/security/2016/dsa-3488
7	http://www.ubuntu.com/usn/USN-2912-1
8	http://www.ubuntu.com/usn/USN-2912-1
9	https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f
10	https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f
11	https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/	Vendor Advisory
12	https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/	Vendor Advisory
13	https://www.libssh.org/security/advisories/CVE-2015-3146.txt	Vendor Advisory
14	https://www.libssh.org/security/advisories/CVE-2015-3146.txt	Vendor Advisory

Common Vulnerabilities List