
[tor-relays] libssh vulnerability (CVE-2018-10933)



Hi tor-relays,

This email is just to notify the list of a recent libssh vulnerability[1], and encourage any operators who may be running a vulnerable version of libssh to update.

It appears this only impacts libssh in server mode:

“This is an important security and maintenance release in order to address CVE-2018-10933. libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

The bug was discovered by Peter Winter-Smith of NCC Group.”

Thanks for being relay operators! 

[1]: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
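
Added example, not part of the original email and not libssh's code: a simplified C model of the flaw class quoted above, where a server processes a message type only a client should ever receive, next to a dispatcher that filters by role first. The struct, function names and the creds_ok flag are hypothetical; only the message numbers (RFC 4252) are real, and the model checks role only, not connection state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SSH authentication message numbers from RFC 4252. */
enum { SSH2_MSG_USERAUTH_REQUEST = 50, SSH2_MSG_USERAUTH_FAILURE = 51,
       SSH2_MSG_USERAUTH_SUCCESS = 52 };

/* Hypothetical, simplified session model (not libssh's structures). */
enum role { ROLE_CLIENT, ROLE_SERVER };
struct session { enum role role; bool authenticated; bool closed; };

/* Client-side handler: the server told us authentication succeeded. */
static void on_userauth_success(struct session *s) { s->authenticated = true; }

/* Server-side handler; creds_ok stands in for real credential checking. */
static void on_userauth_request(struct session *s, bool creds_ok) {
    if (creds_ok) s->authenticated = true;
}

/* Flawed: one handler table shared by both roles, so a server runs the
 * client-only success handler on a message supplied by the peer. */
static void dispatch_unfiltered(struct session *s, uint8_t type, bool creds_ok) {
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST: on_userauth_request(s, creds_ok); break;
    case SSH2_MSG_USERAUTH_SUCCESS: on_userauth_success(s); break;
    default: break;
    }
}

/* Hardened: reject messages that are invalid for our role before any
 * handler runs, and close the session instead of changing auth state. */
static void dispatch_filtered(struct session *s, uint8_t type, bool creds_ok) {
    bool client_only = type == SSH2_MSG_USERAUTH_SUCCESS ||
                       type == SSH2_MSG_USERAUTH_FAILURE;
    bool server_only = type == SSH2_MSG_USERAUTH_REQUEST;
    if ((s->role == ROLE_SERVER && client_only) ||
        (s->role == ROLE_CLIENT && server_only)) { s->closed = true; return; }
    dispatch_unfiltered(s, type, creds_ok);
}

/* Feed one message to a fresh server session; report whether it is authenticated. */
bool server_accepts(bool filtered, uint8_t type, bool creds_ok) {
    struct session s = { ROLE_SERVER, false, false };
    if (filtered) dispatch_filtered(&s, type, creds_ok);
    else dispatch_unfiltered(&s, type, creds_ok);
    return s.authenticated;
}

int main(void) {
    printf("unfiltered: %d\n", server_accepts(false, SSH2_MSG_USERAUTH_SUCCESS, false));
    printf("filtered:   %d\n", server_accepts(true, SSH2_MSG_USERAUTH_SUCCESS, false));
    return 0;
}
```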