The crash could kill a SSH server using libssh. However it depends on the the server process model how bad the situation can be. If you use a forked model to implement your server, the user will just kill its own connection.

Thanks to Yong Chuan Koh, X-Force Research for the report.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.4 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog

• CVE-2013-0176 – NULL dereference leads to denial of service
• Fixed several NULL pointer dereferences in SSHv1.
• Fixed a free crash bug in options parsing.

• CVE-2012-4559 – Fix multiple double free() flaws
• CVE-2012-4560 – Fix multiple buffer overflow flaws
• CVE-2012-4561 – Fix multiple invalid free() flaws
• CVE-2012-4562 – Fix multiple improper overflow checks

The double free in sftp_parse_attr_3() could be used for a Denial of Service attack against a libssh client implementation. The sftp server implementations are probably not vulnerable. However we suggest everyone to update to version 0.5.3.

Thanks to Xi Wang and Florian Weimer for the reports, help and fixes.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.3 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

The security patches are available as a tarball here.

ChangeLog

• CVE-2012-4559 Fixed multiple double free() flaws.
• CVE-2012-4560 Fixed multiple buffer overflow flaws.
• CVE-2012-4561 Fixed multiple invalid free() flaws.
• BUG #84 – Fix bug in sftp_mkdir not returning on error.
• BUG #85 – Fixed a possible channel infinite loop if the connection dropped.
• BUG #88 – Added missing channel request_state and set it to accepted.
• BUG #89 – Reset error state to no error on successful SSHv1 authentiction.
• Fixed a possible use after free in ssh_free().
• Fixed multiple possible NULL pointer dereferences.
• Fixed multiple memory leaks in error paths.
• Fixed timeout handling.
• Fixed regression in pre-connected socket setting.
• Handle all unknown global messages.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.2 here. For Windows binaries we suggest to use our MSVC build or the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog:

• Increased window size x10.
• Fixed SSHv1.
• Fixed bugged lists.
• Fixed use-after-free + inconsistent callbacks call in poll.
• Fixed scp documentation.
• Fixed possible infinite loop in channel_read().
• Fixed handling of short reads of sftp_async_read().
• Fixed handling request service timeout in blocking mode.
• Fixed ssh_auth_list() documentation.
• Fixed incorrect return values in ssh_channel_write().
• Fixed an infinite loop in the termination callback.
• Fixed handling of SSH_AGAIN in channel_open().
• Fixed “status -5 inflating zlib packet”

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.1 here (gpg asc). For Windows binaries we suggest to use our MSVC build or the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog:

• Added checks for NULL pointers in string.c.
• Set the channel max packet size to 32768.
• Don’t (de)compress empty buffers.
• Fixed ssh_scp_write so it works when doing recursive copy.
• Fixed another source of endless wait.
• Fixed an endless loop in case of a channel_open error.
• Fixed session timeout handling.
• Fixed ssh_channel_from_local() loop.
• Fixed permissions of scp example when we copy a file.
• Workaround ssh_get_user_home_dir on LDAP users.
• Added pkg-config support for libssh_threads.
• Fixed compilation without server and sftp modes.
• Fix static .lib overwriting on Windows.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.0 here. For Windows binaries we suggest to use our MSVC build or the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog:

• Added ssh_ prefix to all public functions.
• Added complete Windows support.
• Added improved server support.
• Added unit tests for a lot of functions.
• Added asynchronous service request.
• Added a multiplatform ssh_getpass() function.
• Added a tutorial.
• Added a lot of documentation.
• Fixed a lot of bugs.
• Fixed several memory leaks.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.0rc1 here.

ChangeLog:

• Added ssh_ prefix to all public functions.
• Added complete Windows support.
• Added improved server support.
• Added unit tests for a lot of functions.
• Added asynchronous service request.
• Added a multiplatform ssh_getpass() function.
• Added a tutorial.
• Added a lot of documentation.

See you at FOSDEM !

Aris

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.4.8 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora are available here and for openSUSE here.

ChangeLog:

• Fixed memory leaks in session signing.
• Fixed memory leak in ssh_print_hexa.
• Fixed problem with ssh_connect w/ timeout and fd > 1024.
• Fixed some warnings on OS/2.
• Fixed installation path for OS/2.

Users:

As a user you can report bugs to our bugtracking system at http://red.libssh.org/. Another way could be to package libssh for you distribution.

Application Developer:

As above you can report bugs. If you have an exotic platform and you’re not sure if libssh is supported on this platform you can take a look at our dashboard. If you can’t find your platform in the dashboard this doesn’t mean that libssh doesn’t work on it, it is just not actively supported.

If you want support for your platform there are two possibilities:

1. You report bugs and create patches and check regluarly if it still works on your platform.
2. You can provide a Nightly Build for libssh.

How does this work:

You need a machine with the following packages installed: cmake, cmockery, git, openssl, zlib
Grab the ctest instructions from: http://git.libssh.org/projects/libssh.git/tree/tests/ctest-default.cmake
Edit the file and change:

CTEST_DIRECTORY: The directory to use to do the git checkout and build
CTEST_SITE: Your hostname –fqdn
CTEST_BUILD_NAME: The build name e.g. Fedora_13-GCC_4.5-x86_64-default
CTEST_CMAKE_GENERATOR: The generator e.g. Unix Makefiles (see man ctest)
CTEST_MODEL: Which should be Nightly

Then run ctest with: ctest -S path/to/cmake-default.cmake

Contributor:

You can start to be an active contributor to libssh. Register at the mailing list and take a look in our bugtracker what needs to be done or fixed

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.4.7 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora are available here and for openSUSE here.

ChangeLog:

• Fixed a possible memory leak in ssh_get_user_home().
• Fixed a memory leak in sftp_xstat.
• Fixed uninitialized fd->revents member.
• Fixed timout value in ssh_channel_accept().
• Fixed length checks in ssh_analyze_banner().
• Fixed a possible data overread and crash bug.
• Fixed setting max_fd which breaks ssh_select().
• Fixed some pedantic build warnings.
• Fixed a memory leak with session->bindaddr.