ID

VAR-201910-0984


CVE

CVE-2019-16905


TITLE

OpenSSH Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010763

DESCRIPTION

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

OpenSSH contains an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Gentoo Linux Security Advisory GLSA 201911-01
https://security.gentoo.org/

Severity: Normal
Title: OpenSSH: Integer overflow
Date: November 07, 2019
Bugs: #697046
ID: 201911-01

Synopsis
========

An integer overflow in OpenSSH might allow an attacker to execute arbitrary code.

Background
==========

OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.

NOTE: This USE flag is disabled by default!

Impact
======

A remote attacker could connect to a vulnerable OpenSSH server using a specially crafted XMSS key, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround
==========

Disable XMSS key type.

Resolution
==========

All OpenSSH users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-misc/openssh/openssh-8.0_p1-r4"

References
==========

[ 1 ] CVE-2019-16905
      https://nvd.nist.gov/vuln/detail/CVE-2019-16905

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201911-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.8

sources: NVD: CVE-2019-16905 // JVNDB: JVNDB-2019-010763 // VULMON: CVE-2019-16905 // PACKETSTORM: 155205

AFFECTED PRODUCTS

vendor: openbsd, model: openssh, scope: gte, version: 8.0

Trust: 1.0

vendor: siemens, model: scalance x204rna, scope: lt, version: 3.2.7

Trust: 1.0

vendor: siemens, model: scalance x204rna ecc, scope: lt, version: 3.2.7

Trust: 1.0

vendor: netapp, model: steelstore cloud integrated storage, scope: eq, version: -

Trust: 1.0

vendor: openbsd, model: openssh, scope: lte, version: 7.9

Trust: 1.0

vendor: netapp, model: cloud backup, scope: eq, version: -

Trust: 1.0

vendor: openbsd, model: openssh, scope: lt, version: 8.1

Trust: 1.0

vendor: openbsd, model: openssh, scope: gte, version: 7.7

Trust: 1.0

vendor: openbsd, model: openssh, scope: eq, version: 8.1

Trust: 0.8

vendor: openbsd, model: openssh, scope: eq, version: 7.7 to 7.9

Trust: 0.8

vendor: openbsd, model: openssh, scope: lt, version: 8.x

Trust: 0.8

sources: JVNDB: JVNDB-2019-010763 // NVD: CVE-2019-16905

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-16905
value: HIGH

Trust: 1.0

NVD: CVE-2019-16905
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-599
value: HIGH

Trust: 0.6

VULMON: CVE-2019-16905
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-16905
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2019-16905
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16905
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-16905 // JVNDB: JVNDB-2019-010763 // CNNVD: CNNVD-201910-599 // NVD: CVE-2019-16905

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-010763 // NVD: CVE-2019-16905

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-599

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-599

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010763

PATCH

title: CVS log for src/usr.bin/ssh/sshkey-xmss.c, url: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c

Trust: 0.8

title: Diff for /src/usr.bin/ssh/sshkey-xmss.c between version 1.5 and 1.6, url: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h

Trust: 0.8

title: Release Notes, url: https://www.openssh.com/releasenotes.html

Trust: 0.8

title: OpenSSH Enter the fix for the verification error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=99243

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title: -, url: https://github.com/Live-Hack-CVE/CVE-2019-16905

Trust: 0.1

title: git-and-crumpets, url: https://github.com/siddicky/git-and-crumpets

Trust: 0.1

sources: VULMON: CVE-2019-16905 // JVNDB: JVNDB-2019-010763 // CNNVD: CNNVD-201910-599

EXTERNAL IDS

db: NVD, id: CVE-2019-16905

Trust: 2.6

db: SIEMENS, id: SSA-412672

Trust: 1.7

db: OPENWALL, id: OSS-SECURITY/2019/10/09/1

Trust: 1.7

db: JVNDB, id: JVNDB-2019-010763

Trust: 0.8

db: PACKETSTORM, id: 155205

Trust: 0.7

db: CNNVD, id: CNNVD-201910-599

Trust: 0.6

db: ICS CERT, id: ICSA-22-349-21

Trust: 0.1

db: VULMON, id: CVE-2019-16905

Trust: 0.1

sources: VULMON: CVE-2019-16905 // JVNDB: JVNDB-2019-010763 // PACKETSTORM: 155205 // CNNVD: CNNVD-201910-599 // NVD: CVE-2019-16905

REFERENCES

url:https://security.gentoo.org/glsa/201911-01

Trust: 1.8

url:https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h

Trust: 1.7

url:https://www.openwall.com/lists/oss-security/2019/10/09/1

Trust: 1.7

url:https://www.openssh.com/releasenotes.html

Trust: 1.7

url:https://bugzilla.suse.com/show_bug.cgi?id=1153537

Trust: 1.7

url:https://0day.life/exploits/0day-1009.html

Trust: 1.7

url:https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20191024-0003/

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-16905

Trust: 1.5

url:https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16905

Trust: 0.8

url:https://www.ibm.com/support/pages/node/1143460

Trust: 0.6

url:https://packetstormsecurity.com/files/155205/gentoo-linux-security-advisory-201911-01.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-16905

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110605

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULMON: CVE-2019-16905 // JVNDB: JVNDB-2019-010763 // PACKETSTORM: 155205 // CNNVD: CNNVD-201910-599 // NVD: CVE-2019-16905

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 155205 // CNNVD: CNNVD-201910-599

SOURCES

db: VULMON, id: CVE-2019-16905
db: JVNDB, id: JVNDB-2019-010763
db: PACKETSTORM, id: 155205
db: CNNVD, id: CNNVD-201910-599
db: NVD, id: CVE-2019-16905

LAST UPDATE DATE

2024-08-14T13:03:06.696000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-16905, date: 2023-03-01T00:00:00
db: JVNDB, id: JVNDB-2019-010763, date: 2019-10-23T00:00:00
db: CNNVD, id: CNNVD-201910-599, date: 2022-12-14T00:00:00
db: NVD, id: CVE-2019-16905, date: 2023-03-01T01:56:11.220

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-16905, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010763, date: 2019-10-23T00:00:00
db: PACKETSTORM, id: 155205, date: 2019-11-08T15:36:32
db: CNNVD, id: CNNVD-201910-599, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-16905, date: 2019-10-09T20:15:23.503