libssh, a small C library implementing the SSH protocol, contains an authentication bypass vulnerability in its server-side code.
An attacker can exploit this flaw to authenticate successfully without any credentials by presenting the server with an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message the server expects to initiate authentication.
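The dispatch pattern behind this bug, as an added illustration that is not libssh's source: a simplified server packet dispatcher that wires a handler for the server-to-client USERAUTH_SUCCESS message (the flaw), beside a hardened dispatcher that rejects any userauth message the peer is not permitted to send. The struct, function names and the creds_ok flag are assumptions of this model; the message numbers are those defined in RFC 4252.

```c
#include <stdbool.h>

/* SSH userauth message numbers as defined in RFC 4252. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_FAILURE 51
#define SSH2_MSG_USERAUTH_SUCCESS 52

/* Hypothetical session model: authenticated must only become true after
 * the server itself has verified a USERAUTH_REQUEST. */
struct session {
    bool authenticated;
};

/* Flawed pattern (model of the bug class, not libssh's code): a handler
 * for USERAUTH_SUCCESS is reachable from incoming packets, so a SUCCESS
 * sent by the peer flips the session to authenticated with no check. */
static bool dispatch_flawed(struct session *s, int msg_type, bool creds_ok) {
    switch (msg_type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        if (creds_ok) s->authenticated = true;
        return true;
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->authenticated = true;   /* trusts a client-sent SUCCESS */
        return true;
    default:
        return false;
    }
}

/* Hardened pattern: SUCCESS and FAILURE are server-to-client only, so the
 * server drops them when received; the only path to authenticated is its
 * own verification of a USERAUTH_REQUEST. */
static bool dispatch_hardened(struct session *s, int msg_type, bool creds_ok) {
    switch (msg_type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        if (creds_ok) s->authenticated = true;
        return true;
    case SSH2_MSG_USERAUTH_SUCCESS:
    case SSH2_MSG_USERAUTH_FAILURE:
    default:
        return false;              /* protocol violation: ignore */
    }
}

/* Replays the advisory's scenario: the peer sends USERAUTH_SUCCESS instead
 * of USERAUTH_REQUEST and never presents credentials. Returns whether the
 * dispatcher under test ended up treating the peer as authenticated. */
bool bypass_possible(bool hardened) {
    struct session s = { .authenticated = false };
    if (hardened) dispatch_hardened(&s, SSH2_MSG_USERAUTH_SUCCESS, false);
    else          dispatch_flawed(&s, SSH2_MSG_USERAUTH_SUCCESS, false);
    return s.authenticated;
}
```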
Red Hat
This vulnerability affects libssh shipped in Red Hat Enterprise Linux 7 Extras. No libssh packages are included in Red Hat Enterprise Linux 6 and earlier. This issue does not affect libssh2 or openssh.
Ubuntu
The following releases of Ubuntu and its derivatives are affected:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
- libssh-4 – 0.8.1-1ubuntu0.1
Ubuntu 18.04 LTS
- libssh-4 – 0.8.0~20170825.94fa1e38-1ubuntu0.1
Ubuntu 16.04 LTS
- libssh-4 – 0.6.3-4.3ubuntu0.1
Ubuntu 14.04 LTS
- libssh-4 – 0.6.1-0ubuntu3.4
Debian
For the stable distribution (stretch), this problem has been fixed in version 0.7.3-2+deb9u1.
Oracle MySQL
This vulnerability was patched in Oracle’s Critical Patch Update for January.
More information can be found on this page.