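# Passive detection of libssh servers whose advertised version falls in the
# ranges this script treats as affected by CVE-2018-10933: all of 0.6.x,
# 0.7.x before 0.7.6, and 0.8.x before 0.8.4.
#
# The check relies only on the SSH identification banner, which the remote
# peer controls. A patched server with an unchanged or spoofed banner is
# still flagged, and a vulnerable server that hides its version is missed,
# so treat the notice as a lead to verify rather than as proof.

module LIBSSH_CVE_2018_10933;

export {
	redef enum Log::ID += { LOG };
	redef enum Notice::Type += { Vulnerable_Version };
}

# Returns T when a dotted version string such as "0.7.4" lies in one of the
# affected ranges. Anything with fewer than three components is rejected
# rather than indexed, because the string comes straight from the peer.
function is_vulnerable_version(ver_str: string): bool
	{
	local ver = split_string(ver_str, /\./);

	# Guard the ver[2] access below against short banners like "0.8".
	if ( |ver| < 3 )
		return F;

	# to_count() yields 0 for a non-numeric component, so a malformed
	# patch level is treated as ".0" and errs towards reporting.
	local major = to_count(ver[0]);
	local minor = to_count(ver[1]);
	local patch = to_count(ver[2]);

	if ( major != 0 )
		return F;

	# Every 0.6.* release is affected, whatever its patch level.
	if ( minor == 6 )
		return T;

	# 0.7.* is affected before 0.7.6.
	if ( minor == 7 && patch < 6 )
		return T;

	# 0.8.* is affected before 0.8.4.
	if ( minor == 8 && patch < 4 )
		return T;

	return F;
	}

# Raises Vulnerable_Version for each SSH server banner that names an
# affected libssh release.
event ssh_server_version(c: connection, version: string)
	{
	if ( "libssh" !in version )
		return;

	# Ex: SSH-2.0-libssh_0.7.4
	# NOTE(review): banners that do not split into exactly two parts on '_'
	# are silently skipped; confirm this covers every banner format the
	# affected releases emit.
	local sv = split_string(version, /_/);
	if ( |sv| != 2 )
		return;

	if ( ! is_vulnerable_version(sv[1]) )
		return;

	NOTICE([$note=LIBSSH_CVE_2018_10933::Vulnerable_Version,
	        $msg = fmt("Vulnerable version found - %s", sv[1]),
	        $conn = c]);
	}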