libssh vulnerability: Critical flaw in Linux and Mac SSH/SFTP services
Who is using libssh?
Libssh is used mostly to allow secure connections between server and clients. It is used for secure file transfers (secure FTP) between different computers in projects like KDE and produces secure connections in projects like Github and X2Go etc. l
How an attacker can gain access to your server?
Instead of request to authenticate in the system, an attacker can send a request that authentication is already successful and gain up to the highest permissions and execute absolutely arbitrary code. In fact, attacker presents the server a SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication.
Which devices are affected?
Servers that are using libssh versions 0.6 and above are vulnerable
How to check if you’re vulnerable?
You can easily check whether you are vulnerable using code below:
https://github.com/leapsecurity/libssh-scanner
How to fix up?
To fix this vulnerability you should visit the official site
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
and update your libssh library.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Get the Help You Need
Cybersecurity is our core expertise. Let’s get in touch and you will learn more about how UnderDefense can benefit your organization
Next Readers
How does it feel to discover a Zero-day Vulnerability at 21?
Mykhailo Dovhanych, 21, our Pentester has become a local celebrity. He made the digital world a bit safer by discovering a Zero-day vulnerability and getting his first CVE. We asked him a couple of questions to learn more about this exciting story: UnderDefense: What...
SOC 2 Budget Breakdown: How Much Does SOC 2 Cost in 2023?
In a Nutshell SOC 2 Type I and Type II Certification Cost Comparison SOC 2 Type II Cost SOC 2 Type I Cost SOC 2 Certification Cost Breakdown Stage 1. Pre-Assessment Pre-Assessment Supervision SOC 2 Policies Software Licenses and Installations Penetration Test...
UnderDefense reaches the mark of 100 employees
Reaching 100 employees is no small feat and we are thrilled to announce that Underdefense has done just that! We are so proud of the team we've built who are committed to providing top-notch cybersecurity services. If everyone is moving forward together, then success...