๐ OpenSSH 6.4 J-PAKE Protocol schnorr.c hash_buffer memory corruption
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vuldb.com
A vulnerability classified as problematic was found in OpenSSH 6.4 (Connectivity Software). This vulnerability affects the function hash_buffer
of the file schnorr.c of the component J-PAKE Protocol Handler. Upgrading to version 6.5 eliminates this vulnerability. The upgrade is hosted for download at openbsd.org.Proper firewalling of tcp/22 (ssh) is able to address this issue. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published even before and not after the disclosure of the vulnerability. ...