Vulnerabilities > CVE-2018-1000805 - Incorrect Authorization vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2018-3FF1CB628B.NASL description Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120374 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120374 title Fedora 28 : python-paramiko (2018-3ff1cb628b) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-3ff1cb628b. # include("compat.inc"); if (description) { script_id(120374); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-1000805"); script_xref(name:"FEDORA", value:"2018-3ff1cb628b"); script_name(english:"Fedora 28 : python-paramiko (2018-3ff1cb628b)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-3ff1cb628b" ); script_set_attribute( attribute:"solution", value:"Update the affected python-paramiko package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-paramiko"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"python-paramiko-2.4.2-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-paramiko"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1096.NASL description Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used.(CVE-2018-1000805) last seen 2020-06-01 modified 2020-06-02 plugin id 118363 published 2018-10-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118363 title Amazon Linux AMI : python-paramiko (ALAS-2018-1096) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-3347.NASL description From Red Hat Security Advisory 2018:3347 : An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 118810 published 2018-11-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118810 title Oracle Linux 7 : python-paramiko (ELSA-2018-3347) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1443.NASL description According to the version of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-12-28 plugin id 119932 published 2018-12-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119932 title EulerOS 2.0 SP2 : python-paramiko (EulerOS-SA-2018-1443) NASL family Fedora Local Security Checks NASL id FEDORA_2018-AFF51F5E62.NASL description Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-10-15 plugin id 118104 published 2018-10-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118104 title Fedora 27 : python-paramiko (2018-aff51f5e62) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0205_PARAMIKO.NASL description An update of the paramiko package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122902 published 2019-03-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122902 title Photon OS 1.0: Paramiko PHSA-2019-1.0-0205 NASL family Scientific Linux Local Security Checks NASL id SL_20181030_PYTHON_PARAMIKO_ON_SL7_X.NASL description Security Fix(es) : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) last seen 2020-03-18 modified 2018-11-27 plugin id 119197 published 2018-11-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119197 title Scientific Linux Security Update : python-paramiko on SL7.x (noarch) (20181030) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0147_PYTHON-PARAMIKO.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has python-paramiko packages installed that are affected by a vulnerability: - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. (CVE-2018-1000805) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127417 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127417 title NewStart CGSL MAIN 4.05 : python-paramiko Vulnerability (NS-SA-2019-0147) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2018-0270.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Split handler tables for server and client side - Fix (CVE-2018-1000805) - Resolves: rhbz#1637365 last seen 2020-06-01 modified 2020-06-02 plugin id 118708 published 2018-11-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118708 title OracleVM 3.3 / 3.4 : python-paramiko (OVMSA-2018-0270) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-3347.NASL description An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 119044 published 2018-11-21 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119044 title CentOS 7 : python-paramiko (CESA-2018:3347) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1339.NASL description According to the version of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.(CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-06 plugin id 124625 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124625 title EulerOS 2.0 SP5 : python-paramiko (EulerOS-SA-2019-1339) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3796-1.NASL description Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118201 published 2018-10-18 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118201 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : paramiko vulnerability (USN-3796-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3470.NASL description An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-01 modified 2020-06-02 plugin id 118790 published 2018-11-07 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118790 title RHEL 7 : Virtualization Manager (RHSA-2018:3470) NASL family Scientific Linux Local Security Checks NASL id SL_20181031_PYTHON_PARAMIKO_ON_SL6_X.NASL description Security Fix(es) : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) last seen 2020-03-18 modified 2018-11-05 plugin id 118727 published 2018-11-05 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118727 title Scientific Linux Security Update : python-paramiko on SL6.x (noarch) (20181031) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-3406.NASL description From Red Hat Security Advisory 2018:3406 : An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 118511 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118511 title Oracle Linux 6 : python-paramiko (ELSA-2018-3406) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3406.NASL description An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 118553 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118553 title RHEL 6 : python-paramiko (RHSA-2018:3406) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3347.NASL description An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 118543 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118543 title RHEL 7 : python-paramiko (RHSA-2018:3347) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1556.NASL description CVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated. CVE-2018-7750 Fix check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 118469 published 2018-10-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118469 title Debian DLA-1556-1 : paramiko security update NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2018-3406.NASL description An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 119090 published 2018-11-21 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119090 title Virtuozzo 6 : python-paramiko (VZLSA-2018-3406) NASL family Misc. NASL id LIBSSH_0_8_4_REMOTE.NASL description The remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication. Note: This vulnerability was disclosed in a libssh advisory but has also been observed as applicable to other applications and software packages. last seen 2020-05-16 modified 2018-10-17 plugin id 118154 published 2018-10-17 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118154 title SSH Protocol Authentication Bypass (Remote Exploit Check) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3796-3.NASL description USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details : Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118326 published 2018-10-23 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118326 title Ubuntu 18.10 : paramiko vulnerability (USN-3796-3) NASL family Fedora Local Security Checks NASL id FEDORA_2018-EA6B328AFD.NASL description Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120878 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120878 title Fedora 29 : python-paramiko (2018-ea6b328afd) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-3406.NASL description An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 118838 published 2018-11-09 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118838 title CentOS 6 : python-paramiko (CESA-2018:3406) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-129.NASL description This update for python-paramiko to version 2.4.2 fixes the following issues : Security issue fixed : - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Non-security issue fixed : - Disable experimental gssapi support (bsc#1115769) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2019-02-05 plugin id 121589 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121589 title openSUSE Security Update : python-paramiko (openSUSE-2019-129) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1404.NASL description According to the versions of the python-paramiko package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. - Security fix(es): - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.(CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124907 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124907 title EulerOS Virtualization for ARM 64 3.0.1.0 : python-paramiko (EulerOS-SA-2019-1404) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1588.NASL description According to the version of the python-paramiko packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.(CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-06 modified 2020-05-26 plugin id 136866 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136866 title EulerOS 2.0 SP8 : python-paramiko (EulerOS-SA-2020-1588)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/paramiko/paramiko/issues/1283
- https://usn.ubuntu.com/3796-2/
- https://usn.ubuntu.com/3796-1/
- https://usn.ubuntu.com/3796-3/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://access.redhat.com/errata/RHSA-2018:3406
- https://access.redhat.com/errata/RHSA-2018:3347
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHBA-2018:3497
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html