[3.5] libssh: Authentication Bypass due to improper message callbacks implementation (CVE-2018-10933)
libssh versions 0.6 and above have an authentication bypass
vulnerability in
the server code. By presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server
would expect
to initiate authentication, the attacker could successfully
authentciate
without any credentials.
Fixed In Version:
libssh 0.7.6, libssh 0.8.4
References:
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
https://www.openwall.com/lists/oss-security/2018/10/17/5
(from redmine: issue id 9572, created on 2018-10-23, closed on 2018-10-25)
- Relations:
- parent #9569 (closed)
- Changesets:
- Revision 7838ef4a on 2018-10-24T17:03:07Z:
main/libssh: security upgrade 0.7.6 (CVE-2018-10933)
fixes #9572