Land #10866, libssh_auth_bypass check updates

2018-10-25 05:20:45 -05:00 · 2018-10-25 05:20:45 -05:00 · 609e706e63
parent a43edc4fbf
commit 609e706e63
1 changed files with 8 additions and 3 deletions
--- a/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
+++ b/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
@ -58,11 +58,14 @@ class MetasploitModule < Msf::Auxiliary

  # Vulnerable since 0.6.0 and patched in 0.7.6 and 0.8.4
  def check_banner(ip, version)
-    version =~ /libssh_([\d.]+)$/ && $1 && (v = Gem::Version.new($1))
+    version =~ /libssh[_-]?([\d.]*)$/ && $1 && (v = Gem::Version.new($1))

    if v.nil?
      vprint_error("#{ip}:#{rport} - #{version} does not appear to be libssh")
      Exploit::CheckCode::Unknown
+    elsif v == Gem::Version.new('')
+      vprint_warning("#{ip}:#{rport} - libssh version not reported")
+      Exploit::CheckCode::Detected
    elsif v.between?(Gem::Version.new('0.6.0'), Gem::Version.new('0.7.5')) ||
          v.between?(Gem::Version.new('0.8.0'), Gem::Version.new('0.8.3'))
      vprint_good("#{ip}:#{rport} - #{version} appears to be unpatched")
@ -110,8 +113,10 @@ class MetasploitModule < Msf::Auxiliary
    version = ssh.transport.server_version.version

    # XXX: The OOB authentication leads to false positives, so check banner
-    return if datastore['CHECK_BANNER'] &&
-              check_banner(ip, version) != Exploit::CheckCode::Appears
+    if datastore['CHECK_BANNER']
+      return if check_banner(ip, version) !=
+        (Exploit::CheckCode::Appears || Exploit::CheckCode::Detected)
+    end

    report_vuln(
      host: ip,