Release date:
Updated on:
Affected Systems:
libssh <= 0.5.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56848
CVE (CAN) ID: CVE-2012-6063
libssh is a C library for accessing SSH services. It supports remote command execution and file transfer, and provides a secure transport channel for remote programs.
The sftp_mkdir function in sftp.c in libssh versions earlier than 0.5.3 has a double free vulnerability. Remote attackers can exploit this vulnerability to cause a denial of service (DoS) or execute arbitrary code.
<* Source: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)
Link: https://bugzilla.RedHat.com/show_bug.cgi? CVE-2012-4559
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
libssh
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
www.libssh.org