OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 04:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://0day.life/exploits/0day-1009.html - Exploit, Third Party Advisory | |
References | () https://bugzilla.suse.com/show_bug.cgi?id=1153537 - Issue Tracking, Third Party Advisory | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - Third Party Advisory | |
References | () https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c - Release Notes, Vendor Advisory | |
References | () https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h - Patch | |
References | () https://security.gentoo.org/glsa/201911-01 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20191024-0003/ - Third Party Advisory | |
References | () https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow - Exploit, Third Party Advisory | |
References | () https://www.openssh.com/releasenotes.html - Release Notes | |
References | () https://www.openwall.com/lists/oss-security/2019/10/09/1 - Mailing List, Third Party Advisory |
01 Mar 2023, 01:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:scalance_x204rna_ecc_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_x204rna_ecc:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf - Third Party Advisory |
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2022, 18:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* |
|
References | (MISC) https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://www.openssh.com/releasenotes.html - Release Notes, Vendor Advisory | |
References | (MISC) https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow - Exploit, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201911-01 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191024-0003/ - Third Party Advisory | |
References | (MISC) https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h - Patch, Vendor Advisory |
Information
Published : 2019-10-09 20:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-16905
Mitre link : CVE-2019-16905
CVE.ORG link : CVE-2019-16905
JSON object : View
Products Affected
siemens
- scalance_x204rna_firmware
- scalance_x204rna_ecc
- scalance_x204rna
- scalance_x204rna_ecc_firmware
netapp
- steelstore_cloud_integrated_storage
- cloud_backup
openbsd
- openssh
CWE
CWE-190
Integer Overflow or Wraparound