libssh: Authentication Bypass due to improper message callbacks implementation (CVE-2018-10933)
libssh versions 0.6 and above have an authentication bypass
vulnerability in
the server code. By presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server
would expect
to initiate authentication, the attacker could successfully
authentciate
without any credentials.
Fixed In Version:
libssh 0.7.6, libssh 0.8.4
References:
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
https://www.openwall.com/lists/oss-security/2018/10/17/5
(from redmine: issue id 9569, created on 2018-10-23, closed on 2018-10-25)
- Relations:
- child #9570 (closed)
- child #9571 (closed)
- child #9572 (closed)