CVE-2018-10933 POC (LIBSSH)# POC of CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
### Usage :
```
python3 libssh.py -s SERVER_ADD -u USERNAME -c COMMMAND_TO_EXEC
```
### Original advisory details:
Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.
### Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
libssh-4 - 0.8.1-1ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make all the necessary changes.
- https://www.securityfocus.com/bid/105677
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10933.html?_ga=2.25655988.847624248.1540329509-967710194.1540329509
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10933
[4.0K] /data/pocs/9fb5ec4c793f1482a430deb06f9ca1e775925afa
├── [2.0K] libssh.py
├── [ 34K] LICENSE
└── [1.1K] README.md
0 directories, 3 files