Vulnerabilities > CVE-2018-1000805 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
paramiko
redhat
debian
canonical
CWE-863
nessus

Summary

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3FF1CB628B.NASL
    descriptionPython Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120374
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120374
    titleFedora 28 : python-paramiko (2018-3ff1cb628b)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-3ff1cb628b.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120374);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-1000805");
      script_xref(name:"FEDORA", value:"2018-3ff1cb628b");
    
      script_name(english:"Fedora 28 : python-paramiko (2018-3ff1cb628b)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an
    authentication bypass in `paramiko/auth_handler.py`. A remote attacker
    could exploit this vulnerability in Paramiko SSH servers to execute
    arbitrary code. Note that applications using Paramiko only as a client
    (such as ansible) are not affected by this.
    
    There is also an additional fix preventing `MSG_UNIMPLEMENTED`
    feedback loops that could manifest when both ends of a connection are
    Paramiko-based.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-3ff1cb628b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python-paramiko package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-paramiko");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"python-paramiko-2.4.2-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-paramiko");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1096.NASL
    descriptionParamiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used.(CVE-2018-1000805)
    last seen2020-06-01
    modified2020-06-02
    plugin id118363
    published2018-10-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118363
    titleAmazon Linux AMI : python-paramiko (ALAS-2018-1096)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3347.NASL
    descriptionFrom Red Hat Security Advisory 2018:3347 : An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118810
    published2018-11-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118810
    titleOracle Linux 7 : python-paramiko (ELSA-2018-3347)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1443.NASL
    descriptionAccording to the version of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119932
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119932
    titleEulerOS 2.0 SP2 : python-paramiko (EulerOS-SA-2018-1443)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-AFF51F5E62.NASL
    descriptionPython Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-10-15
    plugin id118104
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118104
    titleFedora 27 : python-paramiko (2018-aff51f5e62)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0205_PARAMIKO.NASL
    descriptionAn update of the paramiko package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122902
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122902
    titlePhoton OS 1.0: Paramiko PHSA-2019-1.0-0205
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_PYTHON_PARAMIKO_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
    last seen2020-03-18
    modified2018-11-27
    plugin id119197
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119197
    titleScientific Linux Security Update : python-paramiko on SL7.x (noarch) (20181030)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0147_PYTHON-PARAMIKO.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has python-paramiko packages installed that are affected by a vulnerability: - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. (CVE-2018-1000805) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127417
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127417
    titleNewStart CGSL MAIN 4.05 : python-paramiko Vulnerability (NS-SA-2019-0147)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0270.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Split handler tables for server and client side - Fix (CVE-2018-1000805) - Resolves: rhbz#1637365
    last seen2020-06-01
    modified2020-06-02
    plugin id118708
    published2018-11-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118708
    titleOracleVM 3.3 / 3.4 : python-paramiko (OVMSA-2018-0270)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3347.NASL
    descriptionAn update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id119044
    published2018-11-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119044
    titleCentOS 7 : python-paramiko (CESA-2018:3347)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1339.NASL
    descriptionAccording to the version of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.(CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-06
    plugin id124625
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124625
    titleEulerOS 2.0 SP5 : python-paramiko (EulerOS-SA-2019-1339)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3796-1.NASL
    descriptionDaniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118201
    published2018-10-18
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118201
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : paramiko vulnerability (USN-3796-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3470.NASL
    descriptionAn update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id118790
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118790
    titleRHEL 7 : Virtualization Manager (RHSA-2018:3470)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181031_PYTHON_PARAMIKO_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
    last seen2020-03-18
    modified2018-11-05
    plugin id118727
    published2018-11-05
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118727
    titleScientific Linux Security Update : python-paramiko on SL6.x (noarch) (20181031)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3406.NASL
    descriptionFrom Red Hat Security Advisory 2018:3406 : An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118511
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118511
    titleOracle Linux 6 : python-paramiko (ELSA-2018-3406)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3406.NASL
    descriptionAn update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118553
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118553
    titleRHEL 6 : python-paramiko (RHSA-2018:3406)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3347.NASL
    descriptionAn update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118543
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118543
    titleRHEL 7 : python-paramiko (RHSA-2018:3347)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1556.NASL
    descriptionCVE-2018-1000805 Fix to prevent malicious clients to trick the Paramiko server into thinking an unauthenticated client is authenticated. CVE-2018-7750 Fix check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id118469
    published2018-10-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118469
    titleDebian DLA-1556-1 : paramiko security update
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2018-3406.NASL
    descriptionAn update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119090
    published2018-11-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119090
    titleVirtuozzo 6 : python-paramiko (VZLSA-2018-3406)
  • NASL familyMisc.
    NASL idLIBSSH_0_8_4_REMOTE.NASL
    descriptionThe remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication. Note: This vulnerability was disclosed in a libssh advisory but has also been observed as applicable to other applications and software packages.
    last seen2020-05-16
    modified2018-10-17
    plugin id118154
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118154
    titleSSH Protocol Authentication Bypass (Remote Exploit Check)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3796-3.NASL
    descriptionUSN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details : Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118326
    published2018-10-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118326
    titleUbuntu 18.10 : paramiko vulnerability (USN-3796-3)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-EA6B328AFD.NASL
    descriptionPython Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this vulnerability in Paramiko SSH servers to execute arbitrary code. Note that applications using Paramiko only as a client (such as ansible) are not affected by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED` feedback loops that could manifest when both ends of a connection are Paramiko-based. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120878
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120878
    titleFedora 29 : python-paramiko (2018-ea6b328afd)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3406.NASL
    descriptionAn update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Security Fix(es) : * python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118838
    published2018-11-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118838
    titleCentOS 6 : python-paramiko (CESA-2018:3406)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-129.NASL
    descriptionThis update for python-paramiko to version 2.4.2 fixes the following issues : Security issue fixed : - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Non-security issue fixed : - Disable experimental gssapi support (bsc#1115769) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2019-02-05
    plugin id121589
    published2019-02-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121589
    titleopenSUSE Security Update : python-paramiko (openSUSE-2019-129)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1404.NASL
    descriptionAccording to the versions of the python-paramiko package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. - Security fix(es): - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.(CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124907
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124907
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : python-paramiko (EulerOS-SA-2019-1404)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1588.NASL
    descriptionAccording to the version of the python-paramiko packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.(CVE-2018-1000805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-06
    modified2020-05-26
    plugin id136866
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136866
    titleEulerOS 2.0 SP8 : python-paramiko (EulerOS-SA-2020-1588)

Redhat

advisories
  • bugzilla
    id1637263
    titleCVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentpython-paramiko-doc is earlier than 0:2.1.1-9.el7
            ovaloval:com.redhat.rhsa:tst:20183347001
          • commentpython-paramiko-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183347002
        • AND
          • commentpython-paramiko is earlier than 0:2.1.1-9.el7
            ovaloval:com.redhat.rhsa:tst:20183347003
          • commentpython-paramiko is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181124002
    rhsa
    idRHSA-2018:3347
    released2018-10-30
    severityCritical
    titleRHSA-2018:3347: python-paramiko security update (Critical)
  • bugzilla
    id1637263
    titleCVE-2018-1000805 python-paramiko: Authentication bypass in auth_handler.py
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentpython-paramiko is earlier than 0:1.7.5-5.el6_10
        ovaloval:com.redhat.rhsa:tst:20183406001
      • commentpython-paramiko is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20181124002
    rhsa
    idRHSA-2018:3406
    released2018-10-30
    severityCritical
    titleRHSA-2018:3406: python-paramiko security update (Critical)
  • rhsa
    idRHBA-2018:3497
  • rhsa
    idRHSA-2018:3505
rpms
  • rhvm-appliance-2:4.2-20181026.1.el7
  • python-paramiko-0:2.1.1-9.el7
  • python-paramiko-doc-0:2.1.1-9.el7
  • python-paramiko-0:1.7.5-4.el6_4.1
  • python-paramiko-0:1.7.5-4.el6_5.1
  • python-paramiko-0:1.7.5-4.el6_6.1
  • python-paramiko-0:1.7.5-4.el6_7.1
  • python-paramiko-0:1.7.5-5.el6_10
  • imgbased-0:1.0.29-1.el7ev
  • python-imgbased-0:1.0.29-1.el7ev
  • redhat-release-virtualization-host-0:4.2-7.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20181026.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-7.3.el7