ALT-PU-2018-2528-1
Closed vulnerabilities
Published: 2018-10-17
BDU:2018-01221
Уязвимость механизма аутентификации серверной части библиотеки libssh, позволяющая нарушителю обойти процедуру аутентификации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-10-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Severity: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
- 105677
- 105677
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
- [debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update
- [debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- USN-3795-1
- USN-3795-1
- USN-3795-2
- USN-3795-2
- DSA-4322
- DSA-4322
- 45638
- 45638
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://www.libssh.org/security/advisories/CVE-2018-10933.txt
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html