A vulnerability in the libssh platform could allow an attacker to bypass authentication and gain full control over vulnerable servers.
The vulnerability basically allows the attacker to simply tell the targeted system that the authentication is complete rather than the other way around and the server accepts the command without validating.
As a result of the flaw, an attacker could authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, according to an Oct. 16 security advisory.
Tenable researchers found nearly 2000 devices running libssh versions 0.6 and although the full scope of the issue is unclear, libssh also reportedly needs to be ran in server mode, not client mode, which may limit the impact of this vulnerability the researchers said.
The vulnerability has been addressed in libssh versions 0.8.4 and 0.7.6 and users are advised to update their systems as soon as their server distributions release patches.
