oss-sec mailing list archives

CVE-2018-10933: libssh: authentication bypass in server code


From: Marcus Meissner <meissner () suse de>
Date: Tue, 16 Oct 2018 14:21:43 +0200

Hi,

https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

-----
libssh 0.8.4 and 0.7.6 security and bugfix release

This is an important security and maintenance release in order to address CVE-2018-10933.

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server 
an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to 
initiate authentication, the attacker could successfully authenticate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group.
-----

This only affects libssh operating in _server_ mode, but not the usually used client mode.

Ciao, Marcus
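
Added example, not part of the original message and not libssh's code: a simplified model of the class of flaw the advisory describes, where a server-mode session acts on a message type that only a server should ever send, shown beside a dispatch that checks role and state first. The struct, enum and function names are hypothetical and the advisory does not describe libssh's internals; the message numbers are from RFC 4252.

```c
#include <stdbool.h>
#include <stdint.h>

/* Message numbers from RFC 4252. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_SUCCESS 52

/* Hypothetical, simplified session model (not libssh's structures). */
enum role { ROLE_CLIENT, ROLE_SERVER };
struct session {
    enum role role;
    bool auth_request_sent;  /* client mode: a USERAUTH_REQUEST is outstanding */
    bool authenticated;
};

/* Handler meant for client mode: the peer (a server) accepted our request. */
static void on_userauth_success(struct session *s) { s->authenticated = true; }

/* Server-side credential check, stubbed: the caller passes the verdict in. */
static void on_userauth_request(struct session *s, bool valid) { s->authenticated = valid; }

/* Flawed dispatch: one handler table for both roles, no role or state check. */
int dispatch_unfiltered(struct session *s, uint8_t type, bool valid) {
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST: on_userauth_request(s, valid); return 0;
    case SSH2_MSG_USERAUTH_SUCCESS: on_userauth_success(s); return 0;
    default: return -1;
    }
}

/* Hardened dispatch: reject any message not valid for this role and state. */
int dispatch_filtered(struct session *s, uint8_t type, bool valid) {
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        if (s->role != ROLE_SERVER) return -1;
        on_userauth_request(s, valid);
        return 0;
    case SSH2_MSG_USERAUTH_SUCCESS:
        /* Only a client with an outstanding request may receive this. */
        if (s->role != ROLE_CLIENT || !s->auth_request_sent) return -1;
        on_userauth_success(s);
        return 0;
    default: return -1;
    }
}
int main(void) {
    struct session srv = { ROLE_SERVER, false, false };
    return dispatch_filtered(&srv, SSH2_MSG_USERAUTH_SUCCESS, false) == -1 ? 0 : 1;
}
```
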

