Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

libSSH 身份认证绕过 CVE-2018-10933 预警

wpadmin~October 17, 2018 /InfoSec

libSSH CVE-2018-10933 预警

相关资料

影响范围

2018/10/17 shodan 搜索结果展示约有 6,353 主机使用了 libssh.

【Who uses libssh?】

1 KDE uses libssh for the sftp file transfers
2 GitHub implemented their git ssh server with libssh
3 X2Go is a Remote Desktop solution for Linux
4 csync a bidirectional file synchronizer
5 Remmina the GTK+/Gnome Remote Desktop Client
6 XMBC a media player and entertainment hub for digital media
7 GNU Gatekeeper a full featured H.323 gatekeeper

如何区分当前主机 SSH 类型 (libSSH or OpenSSH)

#
# 方案一
cd /usr/bin
ldd ./* | grep 'libssh'

# 方案二
rpm -aq | grep 'libssh'

# 方案三
telnet 22 看 banner

libSSH banner 案例
SSH-2.0-libssh

Open SSH banner 案例
SSH-2.0-OpenSSH
SSH-2.0-OpenSSH_7.6 FreeBSD-openssh-portable-7.6.p1_1,1

关于复现

据 360CERT 复现的人员说明,
此漏洞较难复现,一定条件下需要修改服务端的部分代码。

漏洞检测

https://github.com/blacknbunny/libSSH-Authentication-Bypass/

Nessus 搜索 CVE-2018-10933
https://www.tenable.com/plugins/search

相关通告

libssh 安全通告
https://www.libssh.org/security/advisories/CVE-2018-10933.txt

libssh CVE-2018-10933 身份验证绕过漏洞分析报告 – 360CERT
https://cert.360.cn/report/detail?id=a407dddd655dba34405688b1498c3aa1

漏洞通告:libssh 身份验证 (CVE-2018-10933) – Satnam Narang, Tenable
wechat

nmap seclists
https://seclists.org/oss-sec/2018/q4/65

libSSH-Authentication-Bypass
https://github.com/blacknbunny/libSSH-Authentication-Bypass/

漏洞预警 | libssh cve-2018-10933 预警
https://www.anquanke.com/post/id/162134

Leave a Reply

Your email address will not be published. Required fields are marked *