Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
A serious bug is found in SSH library that lets unauthorized people login without asking for credentials.
IMPACT: HIGH
PUBLISH DATE: 19-10-2018
OVERVIEW
A vulnerability in libssh’s server-side state machine before versions 0.7.6 and 0.8.4 could lead to creation of channels without first performing authentication. This way, people with malicious intent can acquire unauthorized access.
ANALYSIS
LibSSH is possibly the most widely deployed remote access protocol in the world. Unix and Linux servers use SSH for remote administration. SSH stands for secure shell, where the term shell is Unix-speak for a command prompt, the place where most Unix-style functions of system administration are performed. The functions can be performed either by a logged-in human manually, or automatically via a logged-in script.
The vulnerability found in the libSSH can only affect applications that use libssh to implement an SSH server whereas SSH client functionality is not affected. For example, no packages in Red Hat Enterprise Linux 6 and prior use libssh to implement an SSH server and therefore remain unaffected by this vulnerability. Moreover, this issue does not affect libssh2 or openssh.
Since customers and third-party codes use the libssh library, any code using the ssh_bind* functions may be affected by this flaw.
The issue is important because the library is used to create a secure tunnel for encrypted communication between two computers on the internet. Secure file transfer between servers, and secure data synchronization between data centers also make use of the libssh library.
Libssh is used as the SSH server of one giant platform, Microsoft’s GitHub source code repository. The risk of unauthorized access for such platforms using libssh as their SSH server is quite considerable.
The following snap from nakedsecurity shows how a client can successfully login just by talking to the server. The bug confuses the server in a peculiar way, in which the client can tell the server that authentication has been successful, instead of the server giving access to the client after careful verification of credentials.
AFFECTED PRODUCTS
Libssh server-side state machine before versions 0.7.6 and 0.8.4
UPDATES
This vulnerability has been addressed in libssh versions 0.8.4 and 0.7.6, so it is important to update servers once server distributions release patches. Additionally, if software creators implement the libssh library in server mode, they should update to the latest version of the library.
If you think you’re the victim of a cyber-attack, immediately send an e-mail to soc@rewterz.com