FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libssh -- authentication bypass vulnerability

Affected packages
0.6 <= libssh < 0.7.6
0.8 <= libssh < 0.8.4


VuXML ID 2383767c-d224-11e8-9623-a4badb2f4699
Discovery 2018-10-16
Entry 2018-10-17

gladiac reports:

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.


CVE Name CVE-2018-10933