CVE-2016-0739

Name: CVE-2016-0739
Description: libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-425-1, DSA-3488-1
NVD severity: medium (attack range: remote)
Debian Bugs: 815663

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release                   | Version                   | Status
-------------- | ------------------------- | ------------------------- | ------
libssh (PTS)   | wheezy, wheezy (security) | 0.5.4-1+deb7u3            | fixed
               | jessie (security), jessie | 0.6.3-4+deb8u2            | fixed
               | stretch                   | 0.7.3-2                   | fixed
               | buster, sid               | 0.8.0~20170825.94fa1e38-1 | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release    | Fixed Version    | Urgency | Origin     | Debian Bugs
------- | ------ | ---------- | ---------------- | ------- | ---------- | -----------
libssh  | source | (unstable) | 0.6.3-4.3        | medium  |            | 815663
libssh  | source | jessie     | 0.6.3-4+deb8u2   | medium  | DSA-3488-1 |
libssh  | source | squeeze    | 0.4.5-3+squeeze3 | medium  | DLA-425-1  |
libssh  | source | wheezy     | 0.5.4-1+deb7u3   | medium  | DSA-3488-1 |

Notes

Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86