libssh vulnerability: Critical flaw in Linux and Mac SSH/SFTP services
Who is using libssh?
Libssh is used mostly to allow secure connections between server and clients. It is used for secure file transfers (secure FTP) between different computers in projects like KDE and produces secure connections in projects like Github and X2Go etc. l
How an attacker can gain access to your server?
Instead of request to authenticate in the system, an attacker can send a request that authentication is already successful and gain up to the highest permissions and execute absolutely arbitrary code. In fact, attacker presents the server a SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication.
Which devices are affected?
Servers that are using libssh versions 0.6 and above are vulnerable
How to check if you’re vulnerable?
You can easily check whether you are vulnerable using code below:
How to fix up?
To fix this vulnerability you should visit the official site
and update your libssh library.
Get the Help You Need
Cybersecurity is our core expertise. Let’s get in touch and you will learn more about how UnderDefense can benefit your organization
How to detect CobaltStrike Command & Control communicationBy Bogdan VennykCobaltStrike became part of the Cybercrime’s “toolset” almost in every Company breach. This growth is explained by the fact that CobaltStrike was leaked multiple times and became more...
Detecting DGA domains: Machine Learning approachBy Alexander RagulinIn this post we are going to take a look at Domain Generation Algorithms (DGA) and an interesting way to detect them with the help of Deep Learning (LSTM neural net, to be precise). DGA domains are...
Supply Chain Cyber-Attack Risk Mitigation for Software Tech firms and Insurance domainSupply Chain Cyber Resiliency is emerging as one of the top risk management challenges needing addressed by the InfoSec industry in 2021By Nazar TymoshykCEO at UnderDefenseCurrent...