CVE-2018-10933

Опубликовано: 17 окт. 2018

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Высокий

Описание

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Ссылки

http://www.securityfocus.com/bid/105677
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
Mailing List
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190118-0002/
Third Party Advisory
https://usn.ubuntu.com/3795-1/
Third Party Advisory
https://usn.ubuntu.com/3795-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4322
Third Party Advisory
https://www.exploit-db.com/exploits/45638/
Exploit
Third Party Advisory
VDB Entry
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/105677
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html
Mailing List
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190118-0002/
Third Party Advisory
https://usn.ubuntu.com/3795-1/
Third Party Advisory
https://usn.ubuntu.com/3795-2/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4322
Third Party Advisory
https://www.exploit-db.com/exploits/45638/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*

Версия от 0.6.0 (включая) до 0.7.6 (исключая)

cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*

Версия от 0.8.0 (включая) до 0.8.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*

Версия от 7.3 (включая)

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*

Версия от 9.4 (включая)

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Конфигурация 6

cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*

Версия до 8.0.13 (включая)

EPSS

Процентиль: 99%

0.80698

Высокий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-592

CWE-287

Связанные уязвимости

CVE-2018-10933

CVSS3: 9.1

ubuntu

почти 7 лет назад

CVE-2018-10933

CVSS3: 9.1

redhat

почти 7 лет назад

CVE-2018-10933

CVSS3: 9.1

debian

почти 7 лет назад

A vulnerability was found in libssh's server-side state machine before ...

openSUSE-SU-2018:3245-1

suse-cvrf

почти 7 лет назад

Security update for libssh

openSUSE-SU-2018:3200-1

suse-cvrf

почти 7 лет назад

Security update for libssh

EPSS

Процентиль: 99%

0.80698

Высокий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-592

CWE-287