[Security News] Fault LIBSSH CVE-2016-0739

February 23, 2016 a libssh flaw was discovered.

That allows?

Due to a bug of confusion between bits and bytes generated secret key may be much shorter than it should (128 bits instead of 1024 or 2048).
This flaw is easily exploitable but it would decrypt a ssh session.

Since when does it exist?

All versions since the 0.1 are concerned.

How to fix the?

-Change the key authentication method.
-Put update libssh.

Links related to this fault

Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739
libssh: https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/


Add new comment