Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2018-10933

Published: 16 October 2018

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Priority

Medium

Cvss 3 Severity Score

9.1

Score breakdown

Status

Package Release Status
libssh
Launchpad, Ubuntu, Debian 		bionic
Released (0.8.0~20170825.94fa1e38-1ubuntu0.1)
cosmic
Released (0.8.1-1ubuntu0.1)
trusty
Released (0.6.1-0ubuntu3.4)
upstream Needs triage

xenial
Released (0.6.3-4.3ubuntu0.1)
Patches:
upstream: https://www.libssh.org/security/patches/stable-0.6_CVE-2018-10933.jmcd.patch01.txt
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=b166ac4749c78f475b1708f0345e6ca2749c5d6d
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=7819621fc2a07d2d4649b36ca77850610741cfec
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=72bce5ece7edc2fd8023185f9d47b9fc86ef4663
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=adeaa69cc535827ec8acfbaf3ff91224b5a595a7
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=f8c452cbef228b105dcb757d7554c3388a4dbea5
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=203818608ac8a83d68098f008306c3a568ac4cac
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.8&id=09a7638575b3c07ad227763e1f03f7553b045e79

Severity score breakdown

Parameter Value
Base score 9.1
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading