Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 668788 (CVE-2018-10933) - <net-libs/libssh-0.8.4: Authentication bypass vulnerability in the server code (CVE-2018-10933)
Summary: <net-libs/libssh-0.8.4: Authentication bypass vulnerability in the server cod...
Status: RESOLVED FIXED
Alias: CVE-2018-10933
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.libssh.org/security/advis...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-16 15:23 UTC by Vlad K.
Modified: 2018-11-25 02:07 UTC (History)
3 users (show)

See Also:
Package list:
net-libs/libssh-0.8.4
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vlad K. 2018-10-16 15:23:49 UTC
"libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials."

* Advisory:
  https://www.libssh.org/security/advisories/CVE-2018-10933.txt

  also:
  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Comment 1 Larry the Git Cow gentoo-dev 2018-10-16 15:47:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9446a58ef8701d59c8d267bfcd156a68de3f39b

commit b9446a58ef8701d59c8d267bfcd156a68de3f39b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-16 15:46:52 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-16 15:46:52 +0000

    net-libs/libssh: 0.8.4 version bump for CVE-2018-10933
    
    Bug: https://bugs.gentoo.org/668788
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libssh/Manifest            |   1 +
 net-libs/libssh/libssh-0.8.4.ebuild | 111 ++++++++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)
Comment 2 Andreas Sturmlechner gentoo-dev 2018-10-17 08:38:18 UTC
Arches, please stabilise.
Comment 3 Thomas Deutschmann gentoo-dev Security 2018-10-17 12:09:07 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2018-10-17 16:10:30 UTC
amd64 stable
Comment 5 Rolf Eike Beer 2018-10-17 19:07:58 UTC
sparc stable.
Comment 6 Matt Turner gentoo-dev 2018-10-18 02:17:55 UTC
ppc/ppc64 stable
Comment 7 Larry the Git Cow gentoo-dev 2018-10-18 11:44:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd0771522a00098ae9b7cfd284478281f307d58c

commit fd0771522a00098ae9b7cfd284478281f307d58c
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2018-10-18 11:44:03 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2018-10-18 11:44:03 +0000

    net-libs/libssh-0.8.4-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/668788
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 net-libs/libssh/libssh-0.8.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 8 Tobias Klausmann gentoo-dev 2018-10-18 11:45:51 UTC
Stable on alpha.
Comment 9 Kilian 2018-10-23 17:46:08 UTC
Please note that net-libs/libssh-0.8.4 fails with libressl, see bug #669428
Comment 10 Andreas Sturmlechner gentoo-dev 2018-10-23 17:48:39 UTC
Does not concern stabilisation.
Comment 11 Sergei Trofimovich gentoo-dev 2018-10-27 18:56:19 UTC
ia64 stable
Comment 12 Markus Meier gentoo-dev 2018-10-31 17:16:29 UTC
arm stable, all arches done.
Comment 13 Larry the Git Cow gentoo-dev 2018-10-31 18:14:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a06e9e74689c4f3bc82716c870d9502b1349dc71

commit a06e9e74689c4f3bc82716c870d9502b1349dc71
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-31 18:13:40 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-31 18:13:40 +0000

    net-libs/libssh: Security cleanup
    
    Bug: https://bugs.gentoo.org/668788
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libssh/Manifest                           |   2 -
 net-libs/libssh/files/libssh-0.5.0-tests.patch     |  11 --
 .../files/libssh-0.7.5-add-macro-for-MAX.patch     |  30 ----
 .../libssh-0.7.5-fix-config-buffer-underflow.patch |  25 ----
 .../files/libssh-0.7.5-fix-config-parsing.patch    |  32 -----
 .../libssh-0.7.5-fix-internal-algo-selection.patch | 156 ---------------------
 net-libs/libssh/libssh-0.7.4.ebuild                | 100 -------------
 net-libs/libssh/libssh-0.7.5-r2.ebuild             | 103 --------------
 net-libs/libssh/metadata.xml                       |   1 -
 9 files changed, 460 deletions(-)
Comment 14 Andreas Sturmlechner gentoo-dev 2018-11-11 00:22:47 UTC
KDE is done here, anyway...