What is the LIBSSH vulnerability?

SSH provides a secure communication channel to access a remote computer. A developer can choose to use LIBSSH in their application server to transfer files, establish a secure tunnel, etc…

Best of all, LIBSSH is free and you can incorporate it into any of your products.

Well, in all types of products out there, there are always security researchers who help the community by informing the developer/company that their software may need to be patched due to certain loopholes.

As for the LIBSSH vulnerability affecting version 0.6 and above, it got huge coverage from news sites, well-known security blogs and even small, mediocre security blogs (like us =P). Here is a simple video explaining in layman's terms what the LIBSSH vulnerability is:

A quick look at the vulnerability on the CVE Details site reveals that there are already active exploits in the wild.


Below are a few tools to help you check your network for this vulnerability:

  1. https://github.com/leapsecurity/libssh-scanner

But for active exploitation, you may use:

  1. https://github.com/blacknbunny/Libssh-Authentication-Bypass

What should you do? Patch it!!

libssh 0.8.4 and 0.7.6 security and bugfix release
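
To triage SSH banners you have already collected against the versions named in this post (affected from 0.6, fixed in 0.7.6 and 0.8.4), here is an added example; it is not from the original post or the linked tools. It assumes libssh servers identify as `SSH-2.0-libssh_X.Y.Z` or `SSH-2.0-libssh-X.Y.Z`, and the hosts and banners in it are constructed.

```python
import re

# Fixed releases named in this post, keyed by (major, minor) branch.
FIXED = {(0, 7): (0, 7, 6), (0, 8): (0, 8, 4)}
FIRST_AFFECTED = (0, 6, 0)  # post: "version 0.6 and above"

# Assumption: banner looks like "SSH-2.0-libssh_X.Y.Z" or "SSH-2.0-libssh-X.Y.Z".
BANNER_RE = re.compile(r"^SSH-[\d.]+-libssh[_-](\d+)\.(\d+)(?:\.(\d+))?")


def classify(banner):
    """Return 'not-libssh', 'not-affected', 'vulnerable' or 'patched'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-libssh"
    version = tuple(int(g or 0) for g in m.groups())
    if version < FIRST_AFFECTED:
        return "not-affected"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: the post names no fixed 0.6.x release, so 0.6.x counts
        # as vulnerable; branches newer than 0.8 are taken to include the fix.
        return "vulnerable" if version[:2] < (0, 7) else "patched"
    return "patched" if version >= fixed else "vulnerable"


def needs_patch(inventory):
    """Return the sorted hosts whose banner reports a vulnerable libssh."""
    return sorted(h for h, b in inventory.items() if classify(b) == "vulnerable")


# Constructed sample inventory (documentation address range, made-up banners).
SAMPLE = {
    "192.0.2.10": "SSH-2.0-libssh_0.8.3",
    "192.0.2.11": "SSH-2.0-libssh_0.8.4",
    "192.0.2.12": "SSH-2.0-libssh-0.6.3",
    "192.0.2.13": "SSH-2.0-libssh_0.7.6",
    "192.0.2.14": "SSH-2.0-OpenSSH_7.4",
    "192.0.2.15": "SSH-2.0-libssh-0.5.5",
}

if __name__ == "__main__":
    for host, banner in SAMPLE.items():
        print(f"{host:12} {banner:24} {classify(banner)}")
    print("patch first:", needs_patch(SAMPLE))
```

Treat the result as triage only: a server can present a custom banner, and distribution packages may backport the fix without changing the version string, so confirm against the installed package.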

