youkergav / CVE-2018-10933

Authentication Bypass in Server Code for LibSSH

Authentication Bypass in Server Code

CVE-2018-10933 Versions 0.7.6 to 0.8.4

Description

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group.
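
The flaw described above can be modelled as a server that dispatches incoming messages without checking which types a server is allowed to receive. The following is an added example, not code from this repository or from libssh: a simplified Python model (class, method and function names are hypothetical, and the credential store is constructed) that shows the flawed dispatch beside a version that filters incoming message types.

```python
import hmac

# Message numbers from RFC 4252.
SSH2_MSG_USERAUTH_REQUEST = 50
SSH2_MSG_USERAUTH_FAILURE = 51
SSH2_MSG_USERAUTH_SUCCESS = 52

USERS = {"alice": "correct horse"}  # constructed credential store


class ServerSession:
    """Toy model of server-side auth dispatch; all names are hypothetical."""

    def __init__(self, filter_incoming):
        self.filter_incoming = filter_incoming  # False models the flawed server
        self.authenticated = False
        self.rejected = []  # message types dropped by the filter

    def _on_request(self, payload):
        # Server-role handler: the only path that should grant access.
        user, password = payload
        expected = USERS.get(user)
        if expected is not None and hmac.compare_digest(
                expected.encode(), password.encode()):
            self.authenticated = True
            return SSH2_MSG_USERAUTH_SUCCESS
        return SSH2_MSG_USERAUTH_FAILURE

    def _on_success(self, payload):
        # Client-role handler: trusts the peer's statement that auth succeeded.
        self.authenticated = True
        return None

    def receive(self, msg_type, payload=None):
        # Hardened form: a server sends SUCCESS/FAILURE but never accepts them.
        if self.filter_incoming and msg_type != SSH2_MSG_USERAUTH_REQUEST:
            self.rejected.append(msg_type)
            return None
        handlers = {
            SSH2_MSG_USERAUTH_REQUEST: self._on_request,
            SSH2_MSG_USERAUTH_SUCCESS: self._on_success,
        }
        handler = handlers.get(msg_type)
        return handler(payload) if handler else None


def auth_state_after(filter_incoming, msg_type, payload=None):
    """Return (reply, authenticated) after one incoming message."""
    session = ServerSession(filter_incoming)
    return session.receive(msg_type, payload), session.authenticated
```

With `filter_incoming=False` a single SSH2_MSG_USERAUTH_SUCCESS marks the session authenticated; with the filter on, the same message is dropped and only a valid SSH2_MSG_USERAUTH_REQUEST grants access.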

Installation

A PoC demo of this vulnerability is available as a Docker image.

cd ./CVE-2018-10933/docker
docker-compose up

Credits

Docker image and vulnerability based off of https://github.com/hackerhouse-opensource/cve-2018-10933.

Description based off of https://www.libssh.org/security/advisories/CVE-2018-10933.txt.

CVE based off of https://nvd.nist.gov/vuln/detail/CVE-2018-10933.

The bug was discovered by Peter Winter-Smith of NCC Group.

Patches are provided by Anderson Toshiyuki Sasaki of Red Hat and the libssh team.
