SSH Protocol Authentication Bypass (Remote Exploit Check)

[Bruno_S]

Hi

We got a report that core FTP mini server version 2.3.3 is vulnerable for "SSH Protocol Authentication Bypass (Remote Exploit Check)"
This was detected with a Nessus port scanner.
As the exploit is very old, i guess this is a wrong positive.
But whats the argument against the security guys?

Thanks and best
Bruno

[ForumAdmin]

This looks to be a libssh issue and may not apply to Core FTP software.

If there is an example of this bypass, please forward to feedback at coreftp.com

[Bruno_S]

Hi

I'm a little confused because libssh is part of the core ftp mini server. and we could not simply replace it.
What version of libssh is used in the core FTP mini server version 2.3.3?

Thanks and best
Bruno

[ForumAdmin]

The mini server does *not* utilize libssh - it is not used in Core FTP mini server

What would be needed is a test demonstrating that the same issue occurs with the mini server to verify this issue actually exists.

[batica]

Here I will post the output generated by Nessus, maybe helpful for you:

Synopsis
The remote server is vulnerable to an authentication bypass.
Description
The remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication.

Note: This vulnerability was disclosed in a libssh advisory but has also been observed as applicable to other applications and software packages.
See Also

http://www.nessus.org/u?6f6b157e

http://www.nessus.org/u?505261f8

http://www.nessus.org/u?58a0f73d

Solution
Upgrade to libssh 0.7.6 / 0.8.4 or later, if applicable. Otherwise, contact your product vendor.
Risk Factor
Medium

I will check if we can arrange some tests, if needed

Thank you!
Batica