FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
13d83980-9f18-11ee-8e38-002590c1f29c	FreeBSD -- Prefix Truncation Attack in the SSH protocol Problem Description: The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers. Impact: A man in the middle attacker can silently manipulate handshake messages to truncate extension negotiation messages potentially leading to less secure client authentication algorithms or deactivating keystroke timing attack countermeasures. Discovery 2023-12-19 Entry 2024-01-02 FreeBSD ge 14.0 lt 14.0_4 ge 13.2 lt 13.2_9 CVE-2023-48795 SA-23:19.openssh

VuXML ID

Description

13d83980-9f18-11ee-8e38-002590c1f29c

FreeBSD -- Prefix Truncation Attack in the SSH protocol

Problem Description:

The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers.

Impact:

A man in the middle attacker can silently manipulate handshake messages to truncate extension negotiation messages potentially leading to less secure client authentication algorithms or deactivating keystroke timing attack countermeasures.

Discovery 2023-12-19
Entry 2024-01-02
FreeBSD

ge 14.0 lt 14.0_4

ge 13.2 lt 13.2_9

CVE-2023-48795
SA-23:19.openssh