来源

关联漏洞

描述

Authentication Bypass in Server Code for LibSSH

介绍

# Authentication Bypass in Server Code

CVE-2018-10933
Versions 0.7.6 to 0.8.4

## Description
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code.  By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group.

## Installation
A POC demo of this vulnerability exists as a docker image.
```bash
cd ./CVE-2018-10933/docker
docker-compose up
```
## Credits
Docker image and vulnerability based off of <a href="https://github.com/hackerhouse-opensource/cve-2018-10933" target="_blank">https://github.com/hackerhouse-opensource/cve-2018-10933</a>.

Description based off of <a href="https://www.libssh.org/security/advisories/CVE-2018-10933.txt" target="_blank">https://www.libssh.org/security/advisories/CVE-2018-10933.txt</a>.

CVE based off of <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-10933" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2018-10933</a>.

The bug was discovered by Peter Winter-Smith of NCC Group.

Patches are provided by the Anderson Toshiyuki Sasaki of Red Hat and the libssh team.

文件快照

 [4.0K]  /data/pocs/adda1c9fbc74480660d8f37fbee1a82f7640e8e6
├── [4.0K]  docker
│   ├── [ 969]  cve-2018-10933.patch
│   ├── [ 183]  docker-compose.yml
│   ├── [1.2K]  Dockerfile
│   ├── [412K]  libssh-0.8.3.tar.xz
│   └── [ 513]  server.patch
├── [4.0K]  exploit
│   └── [ 422]  exploit.py
└── [1.3K]  README.md

2 directories, 7 files

备注