Packages

  • Status Researching
  • Percent Complete
    0%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    André Silva
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by belette - 17/10/2018
Last edited by André Silva - 17/10/2018

FS#1227 - [libssh] CVE-2018-10933

Description:
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authentciate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1

CVE

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing