libssh authentication bypass

Added: 10/29/2018
BID: 105677

Background

libssh is a C library implementing the SSHv2 protocol.

Problem

A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2_MSG_USERAUTH_SUCCESS message instead of a SSH2_MSG_USERAUTH_REQUEST message.

Resolution

Upgrade to libssh 0.7.6 or 0.8.4 or higher, or install a fix from your operating system vendor.

References

https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Back to exploit index