libssh – WindowsTechs.com

Libssh Releases Update to Patch 9 New Security Vulnerabilities

Posted on March 19, 2019 by Wang Wei

Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities.

The Libssh2 library is available for all major distributors of the… Continue reading Libssh Releases Update to Patch 9 New Security Vulnerabilities→

Bugs, Breaches, and More! – Application Security Weekly #36

Posted on October 24, 2018 by Security Weekly Productions

Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic Cardiac Programmers. Full Show Note… Continue reading Bugs, Breaches, and More! – Application Security Weekly #36→

LibSSH, WordPress, and LIVE555 – Hack Naked News #194

Posted on October 23, 2018 by Security Weekly Productions

This week, Critical Code execution flaws, WordPress working on wiping older versions from existence, Multiple serious flaws in Drupal, TCP/IP flaws leave IoT gear open to mass hijacking, jQuery plugin actively exploited for at least three years, Flaw i… Continue reading LibSSH, WordPress, and LIVE555 – Hack Naked News #194→

libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers

Posted on October 17, 2018 by Tara Seals

The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. Continue reading libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers→

Serious SSH bug lets crooks log in just by asking nicely…

Posted on October 17, 2018 by Paul Ducklin

A serious bug in libssh could allow crooks to connect to your server – with no password requested or required. Here’s what you need to know. Continue reading Serious SSH bug lets crooks log in just by asking nicely…→

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Posted on October 17, 2018 by Mohit Kumar

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server wi… Continue reading LibSSH Flaw Allows Hackers to Take Over Servers Without Password→

LibSSH Vuln: You Don’t Need to See my Authentication

Posted on October 17, 2018 by Jonathan Bennett

Another day, another CVE (Common Vulnerabilities and Exposures). Getting a CVE number assigned to a vulnerability is a stamp of authenticity that you have a real problem on your hands. CVE-2018-10933 is a worst case scenario for libssh. With a single response, an attacker can completely bypass authentication, giving full access to a system.

Before you panic and yank the power cord on your server, know that libssh is not part of OpenSSH. Your Linux box almost certainly uses OpenSSH as the SSH daemon, and that daemon is not vulnerable to this particular problem. Libssh does show up in a …read more

Continue reading LibSSH Vuln: You Don’t Need to See my Authentication→