ID CVE-2018-1000805
Summary Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
References
Vulnerable Configurations
  • cpe:2.3:a:paramiko:paramiko:1.17.6
    cpe:2.3:a:paramiko:paramiko:1.17.6
  • cpe:2.3:a:paramiko:paramiko:1.18.5
    cpe:2.3:a:paramiko:paramiko:1.18.5
  • cpe:2.3:a:paramiko:paramiko:2.0.8
    cpe:2.3:a:paramiko:paramiko:2.0.8
  • cpe:2.3:a:paramiko:paramiko:2.1.5
    cpe:2.3:a:paramiko:paramiko:2.1.5
  • cpe:2.3:a:paramiko:paramiko:2.2.3
    cpe:2.3:a:paramiko:paramiko:2.2.3
  • cpe:2.3:a:paramiko:paramiko:2.3.2
    cpe:2.3:a:paramiko:paramiko:2.3.2
  • cpe:2.3:a:paramiko:paramiko:2.4.1
    cpe:2.3:a:paramiko:paramiko:2.4.1
  • Red Hat Ansible Tower 3.3
    cpe:2.3:a:redhat:ansible_tower:3.3
  • Red Hat Virtualization Host 4.0
    cpe:2.3:a:redhat:virtualization_host:4.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 6.5
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 6.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Red Hat Virtualization 4.0
    cpe:2.3:o:redhat:virtualization:4.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
CVSS
Base: 6.5
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3470.NASL
    description An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es) : * spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873) * glusterfs: Multiple flaws (CVE-2018-10904, CVE-2018-10907, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661, CVE-2018-10913) * samba: Insufficient input validation in libsmbclient (CVE-2018-10858) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting CVE-2018-10904, CVE-2018-10907, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661, and CVE-2018-10913. The CVE-2018-10873 issue was discovered by Frediano Ziglio (Red Hat). Bug Fix(es) : * When upgrading Red Hat Virtualization Host (RHVH), imgbased fails to run garbage collection on previous layers, so new logical volumes are removed, and the boot entry points to a logical volume that was removed. If the RHVH upgrade finishes successfully, the hypervisor boots successfully, even if garbage collection fails. (BZ#1632058) * During the upgrade process, when lvremove runs garbage collection, it prompts for user confirmation, causing the upgrade process to fail. Now the process uses 'lvremove --force' when trying to remove logical volumes and does not fail even if garbage collection fails, and as a result, the upgrade process finishes successfully. (BZ#1632585)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 118790
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118790
    title RHEL 7 : Virtualization Manager (RHSA-2018:3470)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1556.NASL
    description CVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated. CVE-2018-7750 Fix check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. For Debian 8 'Jessie', these problems have been fixed in version 1.15.1-1+deb8u1. We recommend that you upgrade your paramiko packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 118469
    published 2018-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118469
    title Debian DLA-1556-1 : paramiko security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3796-3.NASL
    description USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details : Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118326
    published 2018-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118326
    title Ubuntu 18.10 : paramiko vulnerability (USN-3796-3)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-3FF1CB628B.NASL
    description Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 120374
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120374
    title Fedora 28 : python-paramiko (2018-3ff1cb628b)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-EA6B328AFD.NASL
    description Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 120878
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120878
    title Fedora 29 : python-paramiko (2018-ea6b328afd)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3347.NASL
    description From Red Hat Security Advisory 2018:3347 : An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118810
    published 2018-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118810
    title Oracle Linux 7 : python-paramiko (ELSA-2018-3347)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1443.NASL
    description According to the version of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 119932
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119932
    title EulerOS 2.0 SP2 : python-paramiko (EulerOS-SA-2018-1443)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2018-3406.NASL
    description An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 119090
    published 2018-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119090
    title Virtuozzo 6 : python-paramiko (VZLSA-2018-3406)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-129.NASL
    description This update for python-paramiko to version 2.4.2 fixes the following issues : Security issue fixed : - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Non-security issue fixed : - Disable experimental gssapi support (bsc#1115769) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-02-05
    plugin id 121589
    published 2019-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121589
    title openSUSE Security Update : python-paramiko (openSUSE-2019-129)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-AFF51F5E62.NASL
    description Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118104
    published 2018-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118104
    title Fedora 27 : python-paramiko (2018-aff51f5e62)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3406.NASL
    description From Red Hat Security Advisory 2018:3406 : An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118511
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118511
    title Oracle Linux 6 : python-paramiko (ELSA-2018-3406)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1096.NASL
    description Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used.(CVE-2018-1000805)
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118363
    published 2018-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118363
    title Amazon Linux AMI : python-paramiko (ALAS-2018-1096)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3347.NASL
    description An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 119044
    published 2018-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119044
    title CentOS 7 : python-paramiko (CESA-2018:3347)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3406.NASL
    description An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118838
    published 2018-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118838
    title CentOS 6 : python-paramiko (CESA-2018:3406)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3347.NASL
    description An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118543
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118543
    title RHEL 7 : python-paramiko (RHSA-2018:3347)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_PYTHON_PARAMIKO_ON_SL7_X.NASL
    description Security Fix(es) : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 119197
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119197
    title Scientific Linux Security Update : python-paramiko on SL7.x (noarch)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181031_PYTHON_PARAMIKO_ON_SL6_X.NASL
    description Security Fix(es) : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118727
    published 2018-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118727
    title Scientific Linux Security Update : python-paramiko on SL6.x (noarch)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3796-1.NASL
    description Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118201
    published 2018-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118201
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : paramiko vulnerability (USN-3796-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0270.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Split handler tables for server and client side - Fix (CVE-2018-1000805) - Resolves: rhbz#1637365
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118708
    published 2018-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118708
    title OracleVM 3.3 / 3.4 : python-paramiko (OVMSA-2018-0270)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3406.NASL
    description An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2019-01-09
    plugin id 118553
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118553
    title RHEL 6 : python-paramiko (RHSA-2018:3406)
  • NASL family Misc.
    NASL id LIBSSH_0_8_4_REMOTE.NASL
    description The remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication. Note: This vulnerability was disclosed in a libssh advisory but has also been observed as applicable to other applications and software packages.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 118154
    published 2018-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118154
    title SSH Protocol Authentication Bypass (Remote Exploit Check)
redhat via4
advisories
  • bugzilla
    id 1637263
    title CVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment python-paramiko is earlier than 0:2.1.1-9.el7
          oval oval:com.redhat.rhsa:tst:20183347005
        • comment python-paramiko is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20181124006
      • AND
        • comment python-paramiko-doc is earlier than 0:2.1.1-9.el7
          oval oval:com.redhat.rhsa:tst:20183347007
        • comment python-paramiko-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183347008
    rhsa
    id RHSA-2018:3347
    released 2018-10-30
    severity Critical
    title RHSA-2018:3347: python-paramiko security update (Critical)
  • bugzilla
    id 1637263
    title CVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py
    oval
    AND
    • comment python-paramiko is earlier than 0:1.7.5-5.el6_10
      oval oval:com.redhat.rhsa:tst:20183406005
    • comment python-paramiko is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20181124006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    rhsa
    id RHSA-2018:3406
    released 2018-10-30
    severity Critical
    title RHSA-2018:3406: python-paramiko security update (Critical)
  • rhsa
    id RHBA-2018:3497
  • rhsa
    id RHSA-2018:3505
rpms
  • python-paramiko-0:2.1.1-9.el7
  • python-paramiko-doc-0:2.1.1-9.el7
  • python-paramiko-0:1.7.5-5.el6_10
refmap via4
confirm https://github.com/paramiko/paramiko/issues/1283
misc https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
mlist [debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update
ubuntu
  • USN-3796-1
  • USN-3796-2
  • USN-3796-3
Last major update 08-10-2018 - 11:29
Published 08-10-2018 - 11:29
Last modified 16-04-2019 - 16:53
Back to Top