drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in libssh
Name: |
Mangelnde Rechteprüfung in libssh |
|
ID: |
DSA-4322-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
Mi, 17. Oktober 2018, 18:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933 |
|
Applikationen: |
libssh |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4322-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 17, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libssh CVE ID : CVE-2018-10933 Debian Bug : 911149
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication.
For the stable distribution (stretch), this problem has been fixed in version 0.7.3-2+deb9u1.
We recommend that you upgrade your libssh packages.
For the detailed security status of libssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libssh
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlvHX65fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QzRRAAkVzmI8DleL1oJ7sGN/NbPcYVPin1G+yYPw9OLKvYVCcz3rl4Hj8xNPSk 9bneHArC8/lvdk8ycyX9IuriO6E8D31pnMaWpxkWG/ulBRWymx+fT1wrWirhYEvT iYFCXpBFSHOWgPLM8Yand87xcnSLsbT8if24cv0Wuj4mTb2RdjvuBnrBqX1B91h1 08Pe27RPpyX83Lj9yCtQcZzm/t3vqYZPt9WNd91wRHD6wL6Xvt0uqCm6QnB/T3hk 9AdhpSUUCQFYNUliVYAgm1xDOWbVzmptPDo1jdo3/4qFAZhoYEnqdZCfholl4ldJ SxSmMHbXrug1lTGEqLlZSG1U6R4bUlodcBKwVLEjf0uFxlG3EqYKdIWlIN+TFqlO 8ttarFk1nCNyzt/ieheLNN6I/OOBrgT9+FS50m/6QN6gGnKJZPsY/YngHWGbc48v vN91cbn5RITfV3TQQiYY8LzbdGJNNNJp7PN23G3BKxgcM+n/sxjm1xajm0r3USaG bCbxNpzFTeTv+XUtjZvU8cWgHJJJOg6/2XB6loiplqgffTHUPC8LlIC8Vpa3uwkm W5353+UAp1OqvQvwYUj9rxAL+xbleMi8OHDOcqqGW5nkA4K1sLyCgunH6TDEMwjM bxWr6q0drbgtS5ePpLqqXMeNV/eQqxkrRg5EGwF6kyOAA35YrCU= =PEQu -----END PGP SIGNATURE-----
|
|
|
|