CVE-2018-15473

CVE-2018-15473

About

https://nvd.nist.gov/vuln/detail/CVE-2018-15473

PoC / Exploit

• https://github.com/Rhynorater/CVE-2018-15473-Exploit
• https://www.exploit-db.com/exploits/45210

Environment used

• Ubuntu 18.04.3 LTS
• OpenSSH 7.6

Reproduction

• Server

  • Docker version:

    docker run --rm -p 8022:22 -it simaofsilva/cve-2018-15473

  • Script version:

    sudo bash installation.sh
    bash init.sh

• Client

docker run --rm -it simaofsilva/cve-2018-15473-client

The result should be a message like "{USERNAME} is (not) a valid user!"

Note: When using client and server in the same machine, in the client the IP to use is 172.17.0.1, in case of default Docker configs.

Links

• OpenSSL versions
• Tutorial SSL source compilation
• OpenSSH old versions
• Tutorial SSH source compilation