Libssh Vulnerability Leaves Servers Open to Unauthorized Access

A critical vulnerability disclosed last week, CVE-2018-10933 , could allow threat actors to easily gain unauthorized access to any server using the libssh library prior to versions 0.7.6 and 0.8.4. Exploiting the libssh vulnerability provides an attacker access to a server through an SSH (Secure Shell) connection without authentication. By sending the SSH server a "SSH2_MSG_USERAUTH_ SUCCESS" message when it expects a "SSH2_MSG_USERAUTH_REQUEST" message, the server automatically assumes authentication has already taken place and grants access. The vulnerability is in libssh’s server-side code and, therefore, will not impact any libssh-based clients, unless that client is also a server. The NJCCIC highly recommends administrators of affected libssh libraries immediately update to a patched version due to the public availability of scanners and exploit code to target this vulnerability. Administrators of Linux-based systems with open and publicly exposed SSH ports are recommended to change any and all default account credentials, ensure systems have unique and complex account credentials, and close port 22 if it is not needed. If SSH is needed in your environment, consider implementing IP whitelisting and a multi-factor authentication solution to protect against brute-force attacks and unauthorized access via credential compromise. BleepingComputer has compiled a list of known advisories related to this vulnerability from various vendors, here.

AdvisoryNJCCIClibssh