ArchLinux: 201810-10: libssh: authentication bypass

    Date: 17 Oct 2018
    Category: ArchLinux
    Posted By: Anthony Pell
    The package libssh before version 0.8.4-1 is vulnerable to authentication bypass.
    Arch Linux Security Advisory ASA-201810-10
    ==========================================
    
    Severity: Critical
    Date    : 2018-10-17
    CVE-ID  : CVE-2018-10933
    Package : libssh
    Type    : authentication bypass
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-780
    
    Summary
    =======
    
    The package libssh before version 0.8.4-1 is vulnerable to
    authentication bypass.
    
    Resolution
    ==========
    
    Upgrade to 0.8.4-1.
    
    # pacman -Syu "libssh>=0.8.4-1"
    
    The problem has been fixed upstream in version 0.8.4.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    An authentication bypass vulnerability has been discovered in libssh
    versions prior to 0.7.6 and 0.8.4, in the server-side state machine. By
    presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of
    the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
    initiate authentication, the attacker could successfully authenticate
    without any credentials, resulting in unauthorized access.
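
The class of bug described above, as an added example that is not part of the advisory and is not libssh's code: a toy server session (hypothetical `struct session` and function names) that dispatches on message type alone, next to a version that filters each message by role and state before any handler runs. Message numbers are those assigned in RFC 4252.

```c
#include <stdbool.h>
#include <stdio.h>
/* Message numbers as assigned in RFC 4252. */
enum { SSH2_MSG_USERAUTH_REQUEST = 50, SSH2_MSG_USERAUTH_FAILURE = 51,
       SSH2_MSG_USERAUTH_SUCCESS = 52 };

/* Hypothetical toy session, not libssh's real structures. */
struct session { bool is_server; bool authenticated; };

/* Dispatch on type alone: a server session can reach the client-only SUCCESS branch. */
static void dispatch_unfiltered(struct session *s, int type, bool creds_ok) {
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST: if (creds_ok) s->authenticated = true; break;
    case SSH2_MSG_USERAUTH_SUCCESS: s->authenticated = true; break;
    default: break;
    }
}

/* Filter: is this message type legal for our role and current state? */
static bool packet_allowed(const struct session *s, int type) {
    if (s->authenticated) return false;                    /* auth phase is over */
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST: return s->is_server;   /* client -> server */
    case SSH2_MSG_USERAUTH_FAILURE:
    case SSH2_MSG_USERAUTH_SUCCESS: return !s->is_server;  /* server -> client */
    default: return false;
    }
}

/* Hardened dispatch: reject before any handler runs. */
static bool dispatch_filtered(struct session *s, int type, bool creds_ok) {
    if (!packet_allowed(s, type)) return false;  /* caller should disconnect */
    dispatch_unfiltered(s, type, creds_ok);
    return true;
}

/* Feed one message to a fresh server session; report whether it is authenticated. */
static bool server_authed_after(int type, bool creds_ok, bool filtered) {
    struct session s = { true, false };
    if (filtered) dispatch_filtered(&s, type, creds_ok);
    else dispatch_unfiltered(&s, type, creds_ok);
    return s.authenticated;
}

int main(void) {
    printf("unfiltered: %d\n", server_authed_after(SSH2_MSG_USERAUTH_SUCCESS, false, false));
    printf("filtered:   %d\n", server_authed_after(SSH2_MSG_USERAUTH_SUCCESS, false, true));
    return 0;
}
```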
    
    Impact
    ======
    
    A remote attacker is able to successfully authenticate without any
    credentials, resulting in unauthorized access.
    
    References
    ==========
    
    https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
    https://www.libssh.org/security/advisories/CVE-2018-10933.txt
    https://git.libssh.org/projects/libssh.git/commit/?id=2bddafeb709eacc80ad31fec40479f9b628a8bd7
    https://git.libssh.org/projects/libssh.git/commit/?id=825f4ba96407abe8cebb046a7503fa2bf5de9df6
    https://git.libssh.org/projects/libssh.git/commit/?id=20981bf2296202e95d7919394d4610ae3a876cfa
    https://git.libssh.org/projects/libssh.git/commit/?id=5d7414467d6dac100a93df761b06de5cd07fc69a
    https://git.libssh.org/projects/libssh.git/commit/?id=459868c4a57d2d11cf7835655a8d1a5cf034ccb4
    https://git.libssh.org/projects/libssh.git/commit/?id=68b0c7a93448123cc0d6a04d3df40d92a3fd0a67
    https://git.libssh.org/projects/libssh.git/commit/?id=75be012b4a14f4550ce6ad3f126e559f44dbde76
    https://git.libssh.org/projects/libssh.git/commit/?id=e1548a71bdac73da084174ab1d6d2713edd93f6e
    https://security.archlinux.org/CVE-2018-10933
    
    