This Metasploit module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this modules success depends on whether the server code can trigger the correct (shell/exec) callbacks despite only the state machines authenticated state being set. Therefore, you may or may not get a shell if the server requires additional code paths to be followed.
cde91faaf9388b718ce891cfb99941d6d0d6c0ea49e71e81ac203c8bf86be937LibSSH versions 0.7.6 and 0.8.4 unauthorized access proof of concept exploit.
c5b8fd0e5cbaa3811a98a28383bb380c8a42e3dea1a7a2195ac4e5790302813fUbuntu Security Notice 3795-2 - USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
070f9eac6dd5b461646ba1be186066891ca7d42693547ae77fcc1dbac0b10eadlibSSH suffers from an authentication bypass vulnerability.
6bcffb74a9c2f6e6896ef61d538f794814156c05eda4456a642ba4d74d440fe2Ubuntu Security Notice 3795-1 - Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.
0e050a6a0d7cf6f0174602482b0eb22f9ad32c0f80e78085e68ea3b88ae8b752
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed