Original release date: October 17, 2018
Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn’t that big as neither OpenSSH or the GitHub implementation are affected.
The bug is in the not so widely used libSSH library, not to be confused with libssh2 or OpenSSH – which are very widely used.
There’s a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server.
Read the rest of Four Year Old libssh Bug Leaves Servers Wide Open now! Only available at Darknet.