CVE-2018-10933

Published: 16 October 2018

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Priority

CVSS 3 base score: 9.1

Status

Package	Release	Status
libssh Launchpad, Ubuntu, Debian	bionic	Released (0.8.0~20170825.94fa1e38-1ubuntu0.1)
	cosmic	Released (0.8.1-1ubuntu0.1)
	precise	Does not exist
	trusty	Does not exist (trusty was released [0.6.1-0ubuntu3.4])
	upstream	Needs triage
	xenial	Released (0.6.3-4.3ubuntu0.1)
	Patches: upstream: https://www.libssh.org/security/patches/stable-0.6_CVE-2018-10933.jmcd.patch01.txt (0.6.x) upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=b166ac4749c78f475b1708f0345e6ca2749c5d6d upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=7819621fc2a07d2d4649b36ca77850610741cfec upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=72bce5ece7edc2fd8023185f9d47b9fc86ef4663 upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=adeaa69cc535827ec8acfbaf3ff91224b5a595a7 upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=f8c452cbef228b105dcb757d7554c3388a4dbea5 upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=203818608ac8a83d68098f008306c3a568ac4cac upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=09a7638575b3c07ad227763e1f03f7553b045e79

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›