• Status Closed
  • Percent Complete
  • Task Type Security Issue
  • Category Any
  • Assigned To
    André Silva
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Milky Way v0.3
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by belette - 17/10/2018
Last edited by André Silva - 12/08/2019

FS#1227 - [libssh] CVE-2018-10933

libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authentciate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1


Closed by  André Silva
12.08.2019 01:10
Reason for closing:  Fixed
Date User Effort (H:M)


Available keyboard shortcuts


Task Details

Task Editing