[3.1] libssh: bits/bytes confusion resulting in truncated Diffie-Hellman secret length (CVE-2016-0739)
libssh versions 0.1 and above have a bits/bytes confusion bug and
generate an abnormally short ephemeral secret for the
diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended sizes
of 1024 and 2048 bits respectively. There are practical algorithms
(Baby steps/Giant steps, Pollard's rho) that can solve this problem in
O(2^63) operations.
Fixed In Version:
libssh 0.7.3
References:
https://www.libssh.org/security/advisories/CVE-2016-0739.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739
(from redmine: issue id 5175, created on 2016-02-24, closed on 2016-03-01)
- Relations:
- parent #5171 (closed)
- Changesets:
- Revision ac980673 on 2016-02-26T11:05:20Z:
main/libssh: upgrade to 0.6.5, security fix (CVE-2016-0739). Fixes #5175
(cherry picked from commit 8fd14512598c4438817e0c3b405cfa648fc72898)
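
The bug class described in the report, as an added example (not libssh's code and not part of the original issue): a size constant meant as bytes is handed to a random-number helper that counts bits, and a length audit of the kind a regression test could run flags the short secret. The helper names, the sample count and the `slack` tolerance are hypothetical.

```python
import secrets

# Prime sizes in bits for the two key exchange methods named in the report.
GROUP_PRIME_BITS = {"diffie-hellman-group1": 1024, "diffie-hellman-group14": 2048}

def rand_bits(nbits):
    """Hypothetical RNG helper: the argument is a count of BITS."""
    return secrets.randbits(nbits)

def secret_confused(group):
    # Bug class: 128 was meant as BYTES (128 * 8 = 1024 bits), but the helper
    # reads it as bits, and the same constant is used for both groups.
    return rand_bits(128)

def secret_fixed(group):
    # Size derived from the group, converted to the unit the helper expects.
    nbytes = GROUP_PRIME_BITS[group] // 8
    return rand_bits(nbytes * 8)

def max_secret_bits(gen, group, samples=64):
    """Largest bit length seen across `samples` freshly generated secrets."""
    return max(gen(group).bit_length() for _ in range(samples))

def audit(gen, slack=16):
    """Return {group: (observed_max_bits, ok)}.

    ok is True when the observed maximum is within `slack` bits of the
    group's prime size; a uniformly random secret of the right size
    reaches that with overwhelming probability over 64 samples.
    """
    report = {}
    for group, want in GROUP_PRIME_BITS.items():
        seen = max_secret_bits(gen, group)
        report[group] = (seen, seen >= want - slack)
    return report

if __name__ == "__main__":
    for name, gen in (("confused", secret_confused), ("fixed", secret_fixed)):
        for group, (seen, ok) in audit(gen).items():
            status = "ok" if ok else "TOO SHORT"
            print(f"{name:9} {group:22} max {seen:4} bits  {status}")
```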