Libssh Server-Side State Machine Unauthorized Access Vulnerability – 17thOct2018

Libssh is a library written in C implementing the SSH protocol. It can be used to implement client and server applications.

Vulnerability found on 17th Oct 2018:
By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

libssh 0.8.4 and 0.7.6 security and bugfix release (Refer below url):

Comment: This bug may found earlier than file a CVE record. Cyber World indeed not safe!