Test ID:	1.3.6.1.4.1.25623.1.0.891548
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-1548-1)
Summary:	The remote host is missing an update for the Debian 'libssh' package(s) announced via the DLA-1548-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'libssh' package(s) announced via the DLA-1548-1 advisory. Vulnerability Insight: Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication. For Debian 8 Jessie, this problem has been fixed in version 0.6.3-4+deb8u3. We recommend that you upgrade your libssh packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'libssh' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10933 BugTraq ID: 105677 http://www.securityfocus.com/bid/105677 Debian Security Information: DSA-4322 (Google Search) https://www.debian.org/security/2018/dsa-4322 https://www.exploit-db.com/exploits/45638/ https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html https://usn.ubuntu.com/3795-1/ https://usn.ubuntu.com/3795-2/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.