This Metasploit module exploits an authentication bypass in libssh server code where a USERAUTH_SUCCESS message is sent in place of the expected USERAUTH_REQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this modules success depends on whether the server code can trigger the correct (shell/exec) callbacks despite only the state machines authenticated state being set. Therefore, you may or may not get a shell if the server requires additional code paths to be followed.
cde91faaf9388b718ce891cfb99941d6d0d6c0ea49e71e81ac203c8bf86be937
Ubuntu Security Notice 6475-1 - It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. It was discovered that Cobbler did not properly handle user input, which could result in command injection. An attacker could possibly use this issue to execute arbitrary code with high privileges.
0f5bdfd830c1045876a39f585eab0d4480ccae6d44a7e287338db0cbc5144e33
Red Hat Security Advisory 2019-3673-01 - The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol Agent with Enhanced Ethernet support. An improper sanitization issue was addressed.
e7e595745f0998806ec07b2bc2b8ba088d60bccfb92da62bc5ad78814a43f171
Red Hat Security Advisory 2019-1162-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
c7d1940fd728b415f110e72909845b2271eb585cf3fe1c0022cb42c5baba4e0e
Red Hat Security Advisory 2019-1160-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
3a5c07b7f4dc0c1d0e83e80c108f16d7d04eb6c1b01ece3a5004980feb6ad6a1
Red Hat Security Advisory 2019-1161-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
de8411e9560c197b8de7528b762568e5f5c3aa978f3a5f13cf46e86c2003548d
Red Hat Security Advisory 2019-1159-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
53067ef42952a1e99d1aba18ee49ae76fe735209c653df2c3a7195c682804794
Gentoo Linux Security Advisory 201904-6 - Multiple vulnerabilities have been found in GlusterFS, the worst of which could result in the execution of arbitrary code. Versions less than 4.1.8 are affected.
043fd8e80fc0cf57260f877078d16e4c53b33b4af150e6f0c8c6dc52016164d4
Red Hat Security Advisory 2019-0364-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
a228d9418494e5a5cd97d703c55108239e82d26c2deebf111ebb52fd2adf1aec
Red Hat Security Advisory 2019-0362-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
09b757ecbeea503e2e2dd6f7ac771af07bbaed81be2e458c03e54c8290188e5d
Red Hat Security Advisory 2019-0380-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.6 serves as a replacement for Red Hat Single Sign-On 7.2.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
32aad9996df6400db8adadb3fa8c9c6302bbd9bc31c388eac459b86318d6202a
Red Hat Security Advisory 2019-0365-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
6e0db3fe2f3f38836bb6573608efad79fe56089340c18ecdc05321a13b97597d
LibSSH versions 0.7.6 and 0.8.4 unauthorized access proof of concept exploit.
c5b8fd0e5cbaa3811a98a28383bb380c8a42e3dea1a7a2195ac4e5790302813f
Red Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.
9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5
Ubuntu Security Notice 3797-2 - USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. Various other issues were also addressed.
fcfe969ee2f2de30c48af096d0d90e976029649357ff3de4385bb752f9ff023a
Ubuntu Security Notice 3797-1 - Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
238ceea5929a80898d5da54f43ed9ee667e49e84560780dbb617b5dff7489b20
Ubuntu Security Notice 3795-2 - USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
070f9eac6dd5b461646ba1be186066891ca7d42693547ae77fcc1dbac0b10ead
libSSH suffers from an authentication bypass vulnerability.
6bcffb74a9c2f6e6896ef61d538f794814156c05eda4456a642ba4d74d440fe2
Ubuntu Security Notice 3795-1 - Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.
0e050a6a0d7cf6f0174602482b0eb22f9ad32c0f80e78085e68ea3b88ae8b752
Debian Linux Security Advisory 4308-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a9488a1ec49d402caeb675f06f2c3bfc5c6485d76c3af54ee57d369cf63de403
Red Hat Security Advisory 2018-2757-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
ebc2c485eac5e96a5ec19794c9c43a5b4e7aee4c30f1a0fff67a7a95a75f23cb
Red Hat Security Advisory 2018-2607-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, deserialization, local file inclusion, and remote file inclusion vulnerabilities.
1869d3dbb0d19201b396114a7ac010439cd91183d33b11fbfc38ece6f506392a
Red Hat Security Advisory 2018-2608-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and deserialization vulnerabilities.
dbc1eee9743f4815426c0555b3ae9015f27350b74fb56d7d1bb32c22f9a3a6ae
Ubuntu Security Notice 3752-3 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
df405822058b07d43330a4315ada3e76a4b71ec3918d891cc128c577470eaa65
Ubuntu Security Notice 3752-2 - USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
f7a708d43dc8fc39287ba0870edf14e6d0ec3a7b3c72bc9ee988c9562a349836