Libssh Server-Side State Machine Unauthorized Access Vulnerability – 17thOct2018

Background:
Libssh is a library written in C implementing the SSH protocol. It can be used to implement client and server applications.

Vulnerability found on 17th Oct 2018:
By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

Remediation:
libssh 0.8.4 and 0.7.6 security and bugfix release (Refer below url):

Comment: This bug may found earlier than file a CVE record. Cyber World indeed not safe!

https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.