[3.4] libssh: bits/bytes confusion resulting in truncated Difffie-Hellman secret length (CVE-2016-0739)
libssh versions 0.1 and above have a bits/bytes confusion bug and
generate the
an anormaly short ephemeral secret for the diffie-hellman-group1 and
diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended sizes
of 1024
and 2048 bits respectively. There are practical algorithms (Baby
steps/Giant
steps, Pollard’s rho) that can solve this problem in O (2^63)
operations.
Fixed In Version:
libssh 0.7.3
References:
https://www.libssh.org/security/advisories/CVE-2016-0739.txt
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-0739
(from redmine: issue id 5172, created on 2016-02-24, closed on 2016-03-01)
- Relations:
- parent #5171 (closed)
- Changesets:
- Revision 8967b28b on 2016-02-24T15:55:20Z:
main/libssh: security upgrade to 0.7.3 (CVE-2016-0739). Fixes #5172