CVE-2012-4559: Double Free
First published: Tue Oct 30 2012(Updated: )
Florian Weimer of the Red Hat Product Security Team reported several instances of code in libssh where a heap region is deallocated twice, first in the main path and then on the error path. This could crash the process using libssh, or possible allow for the execution of arbitrary code. The identified affected variables are: agent.c:agent_sign_data(): request channels.c:channel_request(): req auth.c:ssh_userauth_pubkey(): user, service, method, algo, pkstr sftp.c:sftp_parse_attr_3(): longname, name sftp.c:sftp_mkdir(): buffer, path keyfiles.c:try_publickey_from_file(): pubkey sftp.c:sftp_mkdir() has been corrected via the following git commit: <a href="http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2">http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libssh | <0.5.3 | 0.5.3 |
| Ubuntu | <=0.5.2 | |
| Ubuntu | =0.4.7 | |
| Ubuntu | =0.4.8 | |
| Ubuntu | =0.5.0 | |
| Ubuntu | =0.5.0-rc1 | |
| Ubuntu | =0.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html
- http://www.debian.org/security/2012/dsa-2577
- http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:175
- http://www.openwall.com/lists/oss-security/2012/11/20/3
- http://www.securityfocus.com/bid/56604
- http://www.ubuntu.com/usn/USN-1640-1
- https://bugzilla.redhat.com/show_bug.cgi?id=871612
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80218
- http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644659&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644659&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644660&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644660&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644661&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644661&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644984&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644984&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644985&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644985&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644986&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644986&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=878521
- https://access.redhat.com/security/cve/CVE-2012-6063
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6063
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=871612
- https://access.redhat.com/security/cve/CVE-2012-4559
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559
Frequently Asked Questions
What is the severity of CVE-2012-4559?
CVE-2012-4559 has been classified with a critical severity due to the potential for arbitrary code execution or process crashes.
How do I fix CVE-2012-4559?
To fix CVE-2012-4559, upgrade libssh to version 0.5.4 or higher, which contains the necessary security patches.
Which versions of libssh are affected by CVE-2012-4559?
Versions of libssh prior to 0.5.4, including 0.5.3 and earlier, are affected by CVE-2012-4559.
What are the potential risks of CVE-2012-4559?
The potential risks of CVE-2012-4559 include application crashes or the execution of arbitrary code, compromising system integrity.
Is my system vulnerable to CVE-2012-4559?
If you are using libssh version 0.5.3 or earlier, your system is vulnerable to CVE-2012-4559.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4559
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/libssh
- canonical/ubuntu
- version/ubuntu/0.5.2
- version/ubuntu/0.4.7
- version/ubuntu/0.4.8
- version/ubuntu/0.5.0
- version/ubuntu/0.5.0-rc1
- version/ubuntu/0.5.1