VDB

MAGEIA-2019-43

MAGEIA-2019-43 PUBLISHED

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials (CVE-2018-10933).

Affected Products

VendorProductVersions
Mageialibssh0.7.7-1.mga6, 0, 0
Mageiarpmdrake0, 6.27.1-1.mga6

Timeline

  • Jan 19, 2019 CVE Updated
  • Jan 20, 2019 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›