Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1000805 (GCVE-0-2018-1000805)
Vulnerability from cvelistv5 – Published: 2018-10-08 15:00 – Updated: 2024-08-05 12:40
VLAI?
EPSS
Summary
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:3347 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3406 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/paramiko/paramiko/issues/1283 | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3796-3/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:3505 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHBA-2018:3497 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3796-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3796-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://herolab.usd.de/wp-content/uploads/sites/4… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Date Public ?
2018-09-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"name": "RHSA-2018:3406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"name": "USN-3796-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"name": "RHBA-2018:3497",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"name": "USN-3796-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"name": "USN-3796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-10-05T00:00:00.000Z",
"datePublic": "2018-09-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-28T12:06:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:3347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"name": "RHSA-2018:3406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"name": "USN-3796-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"name": "RHSA-2018:3505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"name": "RHBA-2018:3497",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"name": "USN-3796-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"name": "USN-3796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-10-05T22:22:07.610251",
"DATE_REQUESTED": "2018-09-10T10:57:20",
"ID": "CVE-2018-1000805",
"REQUESTER": "responsible-disclosure@usd.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3347",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"name": "RHSA-2018:3406",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"name": "https://github.com/paramiko/paramiko/issues/1283",
"refsource": "CONFIRM",
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"name": "USN-3796-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"name": "RHBA-2018:3497",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"name": "USN-3796-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"name": "USN-3796-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt",
"refsource": "MISC",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000805",
"datePublished": "2018-10-08T15:00:00.000Z",
"dateReserved": "2018-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:40:47.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-1000805",
"date": "2026-05-21",
"epss": "0.00427",
"percentile": "0.6256"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5CF78F9-64C6-49D1-93A1-14265B0800E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E16CBFE9-BE97-48B3-88B0-5DCA4B0B39E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A48E2D2-3231-4C46-B7A9-0EA815459891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AABBAD13-B7C0-40AB-8351-4879E33D3979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E4B2395-168E-4255-93B6-1AF0B657BA5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD4FAE7A-9412-4038-8EDD-03A7645918ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0319361D-1B16-4B49-8387-B42995EC6272\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5319543-0143-4E2E-AA77-B7F116C1336C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB28F9AF-3D06-4532-B397-96D7E4792503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF83BB87-B203-48F9-9D06-48A5FE399050\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16E6D998-B41D-4B49-9E00-8336D2E40A4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C81647C-9A53-481D-A54C-36770A093F90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13E02156-E748-4820-B76F-7074793837E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"8D305F7A-D159-4716-AB26-5E38BB5CD991\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.\"}, {\"lang\": \"es\", \"value\": \"Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecuci\\u00f3n remota de c\\u00f3digo. Este ataque parece ser explotable mediante conectividad de red.\"}]",
"id": "CVE-2018-1000805",
"lastModified": "2024-11-21T03:40:23.620",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-10-08T15:29:00.713",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHBA-2018:3497\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3347\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3406\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3505\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/1283\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3796-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3796-2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3796-3/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHBA-2018:3497\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3347\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/paramiko/paramiko/issues/1283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3796-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3796-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3796-3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1000805\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-08T15:29:00.713\",\"lastModified\":\"2024-11-21T03:40:23.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.\"},{\"lang\":\"es\",\"value\":\"Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. Este ataque parece ser explotable mediante conectividad de red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5CF78F9-64C6-49D1-93A1-14265B0800E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E16CBFE9-BE97-48B3-88B0-5DCA4B0B39E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A48E2D2-3231-4C46-B7A9-0EA815459891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AABBAD13-B7C0-40AB-8351-4879E33D3979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E4B2395-168E-4255-93B6-1AF0B657BA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD4FAE7A-9412-4038-8EDD-03A7645918ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0319361D-1B16-4B49-8387-B42995EC6272\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5319543-0143-4E2E-AA77-B7F116C1336C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF83BB87-B203-48F9-9D06-48A5FE399050\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E6D998-B41D-4B49-9E00-8336D2E40A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C81647C-9A53-481D-A54C-36770A093F90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E02156-E748-4820-B76F-7074793837E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2018:3497\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3347\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3406\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3505\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/1283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3796-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3796-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3796-3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2018:3497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3347\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/paramiko/paramiko/issues/1283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3796-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3796-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3796-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
BDU:2019-02721
Vulnerability from fstec - Published: 17.10.2018
VLAI Severity ?
Title
Уязвимость библиотеки Paramiko операционных систем Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization и консоли управления Red Hat Ansible Tower, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость библиотеки Paramiko операционных систем Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization и консоли управления Red Hat Ansible Tower связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью SSH протокола
Severity ?
Vendor
Canonical Ltd., ООО «РусБИТех-Астра», Oracle Corp., Red Hat Inc., Сообщество свободного программного обеспечения, АО «Концерн ВНИИНС»
Software Name
Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Solaris, Red Hat Enterprise Linux, Red Hat Virtualization, Ansible Tower, Paramiko, Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 11.4 (Solaris), Desktop 6.0 (Red Hat Enterprise Linux), Server 6.0 (Red Hat Enterprise Linux), Workstation 6.0 (Red Hat Enterprise Linux), 12.04 ESM (Ubuntu), Server AUS 7.6 (Red Hat Enterprise Linux), Server EUS 7.6 (Red Hat Enterprise Linux), Server TUS 7.6 (Red Hat Enterprise Linux), Desktop 7.0 (Red Hat Enterprise Linux), Server AUS 6.4 (Red Hat Enterprise Linux), Server AUS 6.5 (Red Hat Enterprise Linux), Server AUS 6.6 (Red Hat Enterprise Linux), Server EUS 6.7 (Red Hat Enterprise Linux), Server TUS 6.6 (Red Hat Enterprise Linux), Workstation 7.0 (Red Hat Enterprise Linux), 4.0 (Red Hat Virtualization), 3.3 (Ansible Tower), 2.4.1 (Paramiko), 2.3.2 (Paramiko), 2.2.3 (Paramiko), 2.1.5 (Paramiko), 2.0.8 (Paramiko), 1.18.5 (Paramiko), 1.17.6 (Paramiko), 8 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Paramiko: обновление программного обеспечения до актуальной версии
Для Ubuntu:
https://usn.ubuntu.com/3796-1/
https://usn.ubuntu.com/3796-2/
https://usn.ubuntu.com/3796-3/
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
Для Oracle Solaris:
https://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3406
https://access.redhat.com/errata/RHSA-2018:3347
https://access.redhat.com/errata/RHBA-2018:3497
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет paramiko до 2.0.0-1+deb9u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения paramiko до версии 2.0.0-1+deb9u2
Reference
https://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html
https://github.com/paramiko/paramiko/issues/1283
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://usn.ubuntu.com/3796-1/
https://usn.ubuntu.com/3796-2/
https://usn.ubuntu.com/3796-3/
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3406
https://access.redhat.com/errata/RHSA-2018:3347
https://access.redhat.com/errata/RHBA-2018:3497
http://www.paramiko.org/changelog.html
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-284, CWE-305
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Oracle Corp., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 11.4 (Solaris), Desktop 6.0 (Red Hat Enterprise Linux), Server 6.0 (Red Hat Enterprise Linux), Workstation 6.0 (Red Hat Enterprise Linux), 12.04 ESM (Ubuntu), Server AUS 7.6 (Red Hat Enterprise Linux), Server EUS 7.6 (Red Hat Enterprise Linux), Server TUS 7.6 (Red Hat Enterprise Linux), Desktop 7.0 (Red Hat Enterprise Linux), Server AUS 6.4 (Red Hat Enterprise Linux), Server AUS 6.5 (Red Hat Enterprise Linux), Server AUS 6.6 (Red Hat Enterprise Linux), Server EUS 6.7 (Red Hat Enterprise Linux), Server TUS 6.6 (Red Hat Enterprise Linux), Workstation 7.0 (Red Hat Enterprise Linux), 4.0 (Red Hat Virtualization), 3.3 (Ansible Tower), 2.4.1 (Paramiko), 2.3.2 (Paramiko), 2.2.3 (Paramiko), 2.1.5 (Paramiko), 2.0.8 (Paramiko), 1.18.5 (Paramiko), 1.17.6 (Paramiko), 8 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Paramiko: \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3796-1/\nhttps://usn.ubuntu.com/3796-2/\nhttps://usn.ubuntu.com/3796-3/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2018/10/msg00018.html\n\n\u0414\u043b\u044f Oracle Solaris:\nhttps://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html\n \n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2018:3505\nhttps://access.redhat.com/errata/RHSA-2018:3406\nhttps://access.redhat.com/errata/RHSA-2018:3347\nhttps://access.redhat.com/errata/RHBA-2018:3497\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 paramiko \u0434\u043e 2.0.0-1+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f paramiko \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.0-1+deb9u2",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.07.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02721",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1000805",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Solaris, Red Hat Enterprise Linux, Red Hat Virtualization, Ansible Tower, Paramiko, Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Oracle Corp. Solaris 11.4 , Red Hat Inc. Red Hat Enterprise Linux Desktop 6.0 , Red Hat Inc. Red Hat Enterprise Linux Server 6.0 , Red Hat Inc. Red Hat Enterprise Linux Workstation 6.0 , Canonical Ltd. Ubuntu 12.04 ESM , Red Hat Inc. Red Hat Enterprise Linux Server AUS 7.6 , Red Hat Inc. Red Hat Enterprise Linux Server EUS 7.6 , Red Hat Inc. Red Hat Enterprise Linux Server TUS 7.6 , Red Hat Inc. Red Hat Enterprise Linux Desktop 7.0 , Red Hat Inc. Red Hat Enterprise Linux Server AUS 6.4 , Red Hat Inc. Red Hat Enterprise Linux Server AUS 6.5 , Red Hat Inc. Red Hat Enterprise Linux Server AUS 6.6 , Red Hat Inc. Red Hat Enterprise Linux Server EUS 6.7 , Red Hat Inc. Red Hat Enterprise Linux Server TUS 6.6 , Red Hat Inc. Red Hat Enterprise Linux Workstation 7.0 , Red Hat Inc. Red Hat Virtualization 4.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Paramiko \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization \u0438 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Red Hat Ansible Tower, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284), \u041e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u0441\u0438\u043b\u0443 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 (CWE-305)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Paramiko \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization \u0438 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Red Hat Ansible Tower \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e SSH \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/technetwork/topics/security/bulletinjul2019-5600410.html\nhttps://github.com/paramiko/paramiko/issues/1283 \nhttps://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt \nhttps://lists.debian.org/debian-lts-announce/2018/10/msg00018.html \nhttps://usn.ubuntu.com/3796-1/ \nhttps://usn.ubuntu.com/3796-2/ \nhttps://usn.ubuntu.com/3796-3/\nhttps://access.redhat.com/errata/RHSA-2018:3505\nhttps://access.redhat.com/errata/RHSA-2018:3406\nhttps://access.redhat.com/errata/RHSA-2018:3347\nhttps://access.redhat.com/errata/RHBA-2018:3497\nhttp://www.paramiko.org/changelog.html\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284, CWE-305",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2018-1000805
Vulnerability from fkie_nvd - Published: 2018-10-08 15:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| paramiko | paramiko | 1.17.6 | |
| paramiko | paramiko | 1.18.5 | |
| paramiko | paramiko | 2.0.8 | |
| paramiko | paramiko | 2.1.5 | |
| paramiko | paramiko | 2.2.3 | |
| paramiko | paramiko | 2.3.2 | |
| paramiko | paramiko | 2.4.1 | |
| redhat | ansible_tower | 3.3 | |
| redhat | virtualization_host | 4.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 6.4 | |
| redhat | enterprise_linux_server_aus | 6.5 | |
| redhat | enterprise_linux_server_aus | 6.6 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 6.7 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 6.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CF78F9-64C6-49D1-93A1-14265B0800E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E16CBFE9-BE97-48B3-88B0-5DCA4B0B39E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A48E2D2-3231-4C46-B7A9-0EA815459891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AABBAD13-B7C0-40AB-8351-4879E33D3979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4B2395-168E-4255-93B6-1AF0B657BA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4FAE7A-9412-4038-8EDD-03A7645918ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0319361D-1B16-4B49-8387-B42995EC6272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5319543-0143-4E2E-AA77-B7F116C1336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity."
},
{
"lang": "es",
"value": "Paramiko en versiones 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 y 1.17.6 contiene una vulnerabilidad de control de acceso incorrecto en el servidor SSH que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. Este ataque parece ser explotable mediante conectividad de red."
}
],
"id": "CVE-2018-1000805",
"lastModified": "2024-11-21T03:40:23.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-08T15:29:00.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F2J6-WRHH-V25M
Vulnerability from github – Published: 2018-10-10 16:10 – Updated: 2024-10-09 20:55
VLAI?
Summary
Paramiko Authentication Bypass vulnerability
Details
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "paramiko"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "paramiko"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "paramiko"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "paramiko"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "paramiko"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.1"
},
{
"fixed": "2.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000805"
],
"database_specific": {
"cwe_ids": [
"CWE-732",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:33:26Z",
"nvd_published_at": "2018-10-08T15:29:00Z",
"severity": "HIGH"
},
"details": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"id": "GHSA-f2j6-wrhh-v25m",
"modified": "2024-10-09T20:55:50Z",
"published": "2018-10-10T16:10:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805"
},
{
"type": "WEB",
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-f2j6-wrhh-v25m"
},
{
"type": "PACKAGE",
"url": "https://github.com/paramiko/paramiko"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml"
},
{
"type": "WEB",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3796-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3796-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3796-3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Paramiko Authentication Bypass vulnerability"
}
GSD-2018-1000805
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1000805",
"description": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"id": "GSD-2018-1000805",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1000805.html",
"https://access.redhat.com/errata/RHBA-2018:3497",
"https://access.redhat.com/errata/RHSA-2018:3470",
"https://access.redhat.com/errata/RHSA-2018:3406",
"https://access.redhat.com/errata/RHSA-2018:3347",
"https://ubuntu.com/security/CVE-2018-1000805",
"https://alas.aws.amazon.com/cve/html/CVE-2018-1000805.html",
"https://linux.oracle.com/cve/CVE-2018-1000805.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1000805"
],
"details": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"id": "GSD-2018-1000805",
"modified": "2023-12-13T01:22:27.636875Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-10-05T22:22:07.610251",
"DATE_REQUESTED": "2018-09-10T10:57:20",
"ID": "CVE-2018-1000805",
"REQUESTER": "responsible-disclosure@usd.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3347",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"name": "RHSA-2018:3406",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"name": "https://github.com/paramiko/paramiko/issues/1283",
"refsource": "CONFIRM",
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"name": "USN-3796-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"name": "RHBA-2018:3497",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"name": "USN-3796-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"name": "USN-3796-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt",
"refsource": "MISC",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "==1.17.6||==1.18.5||==2.0.8||==2.1.5||==2.2.3||==2.3.2||==2.4.1",
"affected_versions": "Version 1.17.6, version 1.18.5, version 2.0.8, version 2.1.5, version 2.2.3, version 2.3.2, version 2.4.1",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-732",
"CWE-937"
],
"date": "2019-10-03",
"description": "Paramiko version contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"fixed_versions": [
"1.18.0",
"2.0.0",
"2.0.9",
"2.1.6",
"2.2.4",
"2.3.3",
"2.4.2"
],
"identifier": "CVE-2018-1000805",
"identifiers": [
"CVE-2018-1000805"
],
"not_impacted": "All versions before 1.17.6, all versions after 1.17.6 before 1.18.5, all versions after 1.18.5 before 2.0.8, all versions after 2.0.8 before 2.1.5, all versions after 2.1.5 before 2.2.3, all versions after 2.2.3 before 2.3.2, all versions after 2.3.2 before 2.4.1, all versions after 2.4.1",
"package_slug": "pypi/paramiko",
"pubdate": "2018-10-08",
"solution": "Upgrade to versions 1.18.0, 2.0.0, 2.0.9, 2.1.6, 2.2.4, 2.3.3, 2.4.2 or above.",
"title": "Incorrect Permission Assignment for Critical Resource",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000805"
],
"uuid": "f9a4c59b-5c93-4d6d-a80c-93303d76bcfb"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1000805"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/paramiko/paramiko/issues/1283",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"name": "USN-3796-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"name": "USN-3796-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"name": "USN-3796-3",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"name": "[debian-lts-announce] 20181027 [SECURITY] [DLA 1556-1] paramiko security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"name": "RHSA-2018:3406",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"name": "RHSA-2018:3347",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "RHBA-2018:3497",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-04-06T18:35Z",
"publishedDate": "2018-10-08T15:29Z"
}
}
}
OPENSUSE-SU-2019:0129-1
Vulnerability from csaf_opensuse - Published: 2019-03-23 10:52 - Updated: 2019-03-23 10:52Summary
Security update for python-paramiko
Severity
Important
Notes
Title of the patch: Security update for python-paramiko
Description of the patch: This update for python-paramiko to version 2.4.2 fixes the following issues:
Security issue fixed:
- CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151)
Non-security issue fixed:
- Disable experimental gssapi support (bsc#1115769)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-129
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:python-paramiko-doc-2.4.2-lp150.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python2-paramiko-2.4.2-lp150.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-paramiko-2.4.2-lp150.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-paramiko",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-paramiko to version 2.4.2 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151)\n\nNon-security issue fixed:\n\n- Disable experimental gssapi support (bsc#1115769)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-129",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0129-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0129-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GCEUJWPR53LIOAKYNV75JBMHWGAAK6SW/#GCEUJWPR53LIOAKYNV75JBMHWGAAK6SW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0129-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GCEUJWPR53LIOAKYNV75JBMHWGAAK6SW/#GCEUJWPR53LIOAKYNV75JBMHWGAAK6SW"
},
{
"category": "self",
"summary": "SUSE Bug 1111151",
"url": "https://bugzilla.suse.com/1111151"
},
{
"category": "self",
"summary": "SUSE Bug 1115769",
"url": "https://bugzilla.suse.com/1115769"
},
{
"category": "self",
"summary": "SUSE Bug 1121846",
"url": "https://bugzilla.suse.com/1121846"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000805 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000805/"
}
],
"title": "Security update for python-paramiko",
"tracking": {
"current_release_date": "2019-03-23T10:52:45Z",
"generator": {
"date": "2019-03-23T10:52:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0129-1",
"initial_release_date": "2019-03-23T10:52:45Z",
"revision_history": [
{
"date": "2019-03-23T10:52:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-doc-2.4.2-lp150.2.3.1.noarch",
"product": {
"name": "python-paramiko-doc-2.4.2-lp150.2.3.1.noarch",
"product_id": "python-paramiko-doc-2.4.2-lp150.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-paramiko-2.4.2-lp150.2.3.1.noarch",
"product": {
"name": "python2-paramiko-2.4.2-lp150.2.3.1.noarch",
"product_id": "python2-paramiko-2.4.2-lp150.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-paramiko-2.4.2-lp150.2.3.1.noarch",
"product": {
"name": "python3-paramiko-2.4.2-lp150.2.3.1.noarch",
"product_id": "python3-paramiko-2.4.2-lp150.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-2.4.2-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-paramiko-doc-2.4.2-lp150.2.3.1.noarch"
},
"product_reference": "python-paramiko-doc-2.4.2-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-paramiko-2.4.2-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-paramiko-2.4.2-lp150.2.3.1.noarch"
},
"product_reference": "python2-paramiko-2.4.2-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-paramiko-2.4.2-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-paramiko-2.4.2-lp150.2.3.1.noarch"
},
"product_reference": "python3-paramiko-2.4.2-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000805"
}
],
"notes": [
{
"category": "general",
"text": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:python-paramiko-doc-2.4.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:python2-paramiko-2.4.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:python3-paramiko-2.4.2-lp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000805",
"url": "https://www.suse.com/security/cve/CVE-2018-1000805"
},
{
"category": "external",
"summary": "SUSE Bug 1111151 for CVE-2018-1000805",
"url": "https://bugzilla.suse.com/1111151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:python-paramiko-doc-2.4.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:python2-paramiko-2.4.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:python3-paramiko-2.4.2-lp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:python-paramiko-doc-2.4.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:python2-paramiko-2.4.2-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:python3-paramiko-2.4.2-lp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:52:45Z",
"details": "critical"
}
],
"title": "CVE-2018-1000805"
}
]
}
OPENSUSE-SU-2024:11249-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python-paramiko-doc-2.7.2-3.7 on GA media
Severity
Moderate
Notes
Title of the patch: python-paramiko-doc-2.7.2-3.7 on GA media
Description of the patch: These are all security issues fixed in the python-paramiko-doc-2.7.2-3.7 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11249
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
10 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python-paramiko-doc-2.7.2-3.7 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python-paramiko-doc-2.7.2-3.7 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11249",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11249-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000805 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7750 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7750/"
}
],
"title": "python-paramiko-doc-2.7.2-3.7 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11249-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-doc-2.7.2-3.7.aarch64",
"product": {
"name": "python-paramiko-doc-2.7.2-3.7.aarch64",
"product_id": "python-paramiko-doc-2.7.2-3.7.aarch64"
}
},
{
"category": "product_version",
"name": "python36-paramiko-2.7.2-3.7.aarch64",
"product": {
"name": "python36-paramiko-2.7.2-3.7.aarch64",
"product_id": "python36-paramiko-2.7.2-3.7.aarch64"
}
},
{
"category": "product_version",
"name": "python38-paramiko-2.7.2-3.7.aarch64",
"product": {
"name": "python38-paramiko-2.7.2-3.7.aarch64",
"product_id": "python38-paramiko-2.7.2-3.7.aarch64"
}
},
{
"category": "product_version",
"name": "python39-paramiko-2.7.2-3.7.aarch64",
"product": {
"name": "python39-paramiko-2.7.2-3.7.aarch64",
"product_id": "python39-paramiko-2.7.2-3.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-doc-2.7.2-3.7.ppc64le",
"product": {
"name": "python-paramiko-doc-2.7.2-3.7.ppc64le",
"product_id": "python-paramiko-doc-2.7.2-3.7.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-paramiko-2.7.2-3.7.ppc64le",
"product": {
"name": "python36-paramiko-2.7.2-3.7.ppc64le",
"product_id": "python36-paramiko-2.7.2-3.7.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-paramiko-2.7.2-3.7.ppc64le",
"product": {
"name": "python38-paramiko-2.7.2-3.7.ppc64le",
"product_id": "python38-paramiko-2.7.2-3.7.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-paramiko-2.7.2-3.7.ppc64le",
"product": {
"name": "python39-paramiko-2.7.2-3.7.ppc64le",
"product_id": "python39-paramiko-2.7.2-3.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-doc-2.7.2-3.7.s390x",
"product": {
"name": "python-paramiko-doc-2.7.2-3.7.s390x",
"product_id": "python-paramiko-doc-2.7.2-3.7.s390x"
}
},
{
"category": "product_version",
"name": "python36-paramiko-2.7.2-3.7.s390x",
"product": {
"name": "python36-paramiko-2.7.2-3.7.s390x",
"product_id": "python36-paramiko-2.7.2-3.7.s390x"
}
},
{
"category": "product_version",
"name": "python38-paramiko-2.7.2-3.7.s390x",
"product": {
"name": "python38-paramiko-2.7.2-3.7.s390x",
"product_id": "python38-paramiko-2.7.2-3.7.s390x"
}
},
{
"category": "product_version",
"name": "python39-paramiko-2.7.2-3.7.s390x",
"product": {
"name": "python39-paramiko-2.7.2-3.7.s390x",
"product_id": "python39-paramiko-2.7.2-3.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-doc-2.7.2-3.7.x86_64",
"product": {
"name": "python-paramiko-doc-2.7.2-3.7.x86_64",
"product_id": "python-paramiko-doc-2.7.2-3.7.x86_64"
}
},
{
"category": "product_version",
"name": "python36-paramiko-2.7.2-3.7.x86_64",
"product": {
"name": "python36-paramiko-2.7.2-3.7.x86_64",
"product_id": "python36-paramiko-2.7.2-3.7.x86_64"
}
},
{
"category": "product_version",
"name": "python38-paramiko-2.7.2-3.7.x86_64",
"product": {
"name": "python38-paramiko-2.7.2-3.7.x86_64",
"product_id": "python38-paramiko-2.7.2-3.7.x86_64"
}
},
{
"category": "product_version",
"name": "python39-paramiko-2.7.2-3.7.x86_64",
"product": {
"name": "python39-paramiko-2.7.2-3.7.x86_64",
"product_id": "python39-paramiko-2.7.2-3.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-2.7.2-3.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64"
},
"product_reference": "python-paramiko-doc-2.7.2-3.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-2.7.2-3.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le"
},
"product_reference": "python-paramiko-doc-2.7.2-3.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-2.7.2-3.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x"
},
"product_reference": "python-paramiko-doc-2.7.2-3.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-2.7.2-3.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64"
},
"product_reference": "python-paramiko-doc-2.7.2-3.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-paramiko-2.7.2-3.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64"
},
"product_reference": "python36-paramiko-2.7.2-3.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-paramiko-2.7.2-3.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le"
},
"product_reference": "python36-paramiko-2.7.2-3.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-paramiko-2.7.2-3.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x"
},
"product_reference": "python36-paramiko-2.7.2-3.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-paramiko-2.7.2-3.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64"
},
"product_reference": "python36-paramiko-2.7.2-3.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-paramiko-2.7.2-3.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64"
},
"product_reference": "python38-paramiko-2.7.2-3.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-paramiko-2.7.2-3.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le"
},
"product_reference": "python38-paramiko-2.7.2-3.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-paramiko-2.7.2-3.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x"
},
"product_reference": "python38-paramiko-2.7.2-3.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-paramiko-2.7.2-3.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64"
},
"product_reference": "python38-paramiko-2.7.2-3.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-paramiko-2.7.2-3.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64"
},
"product_reference": "python39-paramiko-2.7.2-3.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-paramiko-2.7.2-3.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le"
},
"product_reference": "python39-paramiko-2.7.2-3.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-paramiko-2.7.2-3.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x"
},
"product_reference": "python39-paramiko-2.7.2-3.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-paramiko-2.7.2-3.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
},
"product_reference": "python39-paramiko-2.7.2-3.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000805"
}
],
"notes": [
{
"category": "general",
"text": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000805",
"url": "https://www.suse.com/security/cve/CVE-2018-1000805"
},
{
"category": "external",
"summary": "SUSE Bug 1111151 for CVE-2018-1000805",
"url": "https://bugzilla.suse.com/1111151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000805"
},
{
"cve": "CVE-2018-7750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7750"
}
],
"notes": [
{
"category": "general",
"text": "transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7750",
"url": "https://www.suse.com/security/cve/CVE-2018-7750"
},
{
"category": "external",
"summary": "SUSE Bug 1085276 for CVE-2018-7750",
"url": "https://bugzilla.suse.com/1085276"
},
{
"category": "external",
"summary": "SUSE Bug 1111151 for CVE-2018-7750",
"url": "https://bugzilla.suse.com/1111151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python-paramiko-doc-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python36-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python38-paramiko-2.7.2-3.7.x86_64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.aarch64",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.ppc64le",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.s390x",
"openSUSE Tumbleweed:python39-paramiko-2.7.2-3.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-7750"
}
]
}
PYSEC-2018-69
Vulnerability from pysec - Published: 2018-10-08 15:29 - Updated: 2021-08-25 04:30
VLAI?
Details
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Impacted products
| Name | purl | paramiko | pkg:pypi/paramiko |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "paramiko",
"purl": "pkg:pypi/paramiko"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.1"
},
{
"fixed": "2.0.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.10.0",
"1.10.1",
"1.10.2",
"1.10.3",
"1.10.4",
"1.10.5",
"1.10.6",
"1.10.7",
"1.11.0",
"1.11.1",
"1.11.2",
"1.11.3",
"1.11.4",
"1.11.5",
"1.11.6",
"1.12.0",
"1.12.1",
"1.12.2",
"1.12.3",
"1.12.4",
"1.13.0",
"1.13.1",
"1.13.2",
"1.13.3",
"1.13.4",
"1.14.0",
"1.14.1",
"1.14.2",
"1.14.3",
"1.15.0",
"1.15.1",
"1.15.2",
"1.15.3",
"1.15.4",
"1.15.5",
"1.16.0",
"1.16.1",
"1.16.2",
"1.16.3",
"1.17.0",
"1.17.1",
"1.17.2",
"1.17.3",
"1.17.4",
"1.17.5",
"1.17.6",
"1.18.0",
"1.18.1",
"1.18.2",
"1.18.3",
"1.18.4",
"1.18.5",
"1.5.1",
"1.5.2",
"1.5.4",
"1.6",
"1.6.1",
"1.6.2",
"1.6.3",
"1.6.4",
"1.7",
"1.7.1",
"1.7.2",
"1.7.4",
"1.7.5",
"1.7.6",
"1.7.7.1",
"1.7.7.2",
"1.8.0",
"1.8.1",
"1.9.0",
"2.0.0",
"2.0.1",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.0.8"
]
}
],
"aliases": [
"CVE-2018-1000805",
"GHSA-f2j6-wrhh-v25m"
],
"details": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"id": "PYSEC-2018-69",
"modified": "2021-08-25T04:30:15.170380Z",
"published": "2018-10-08T15:29:00Z",
"references": [
{
"type": "REPORT",
"url": "https://github.com/paramiko/paramiko/issues/1283"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3796-2/"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3796-1/"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3796-3/"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:3406"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"type": "WEB",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-f2j6-wrhh-v25m"
}
]
}
RHBA-2018:3497
Vulnerability from csaf_redhat - Published: 2018-11-05 00:00 - Updated: 2026-01-13 22:09Summary
Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update
Severity
Low
Notes
Topic: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Details: The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
9.8 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:3497",
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"category": "external",
"summary": "1625894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625894"
},
{
"category": "external",
"summary": "1635987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635987"
},
{
"category": "external",
"summary": "1636387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636387"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_3497.json"
}
],
"title": "Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-01-13T22:09:23+00:00",
"generator": {
"date": "2026-01-13T22:09:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHBA-2018:3497",
"initial_release_date": "2018-11-05T00:00:00+00:00",
"revision_history": [
{
"date": "2018-11-05T00:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-05T15:39:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:09:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"product": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"product_id": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20181026.1.el7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"product": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"product_id": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20181026.1.el7?arch=noarch\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000805",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1637263"
}
],
"notes": [
{
"category": "description",
"text": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-paramiko: Authentication bypass in auth_handler.py",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.\n\nThe following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.\n\n* Red Hat Ansible Engine 2\n* Red Hat Ceph Storage 2\n* Red Hat CloudForms 4\n* Red Hat Enterprise Linux 7\n* Red Hat Enterprise Virtualization\n* Red Hat Gluster Storage 3\n* Red Hat Openshift Container Platform\n* Red Hat Quick Cloud Installer\n* Red Hat Satellite 6\n* Red Hat Storage Console 2\n* Red Hat OpenStack Platform\n* Red Hat Update Infrastructure",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000805"
},
{
"category": "external",
"summary": "RHBZ#1637263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000805"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805"
}
],
"release_date": "2018-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-05T00:00:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-paramiko: Authentication bypass in auth_handler.py"
}
]
}
RHBA-2018_3497
Vulnerability from csaf_redhat - Published: 2018-11-05 00:00 - Updated: 2024-11-14 23:32Summary
Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update
Severity
Low
Notes
Topic: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Details: The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
9.8 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2018:3497",
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
},
{
"category": "external",
"summary": "1625894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625894"
},
{
"category": "external",
"summary": "1635987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635987"
},
{
"category": "external",
"summary": "1636387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636387"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhba-2018_3497.json"
}
],
"title": "Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T23:32:21+00:00",
"generator": {
"date": "2024-11-14T23:32:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2018:3497",
"initial_release_date": "2018-11-05T00:00:00+00:00",
"revision_history": [
{
"date": "2018-11-05T00:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-05T15:39:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:32:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"product": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"product_id": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20181026.1.el7?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"product": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"product_id": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20181026.1.el7?arch=noarch\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-appliance-2:4.2-20181026.1.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
},
"product_reference": "rhvm-appliance-2:4.2-20181026.1.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000805",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1637263"
}
],
"notes": [
{
"category": "description",
"text": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-paramiko: Authentication bypass in auth_handler.py",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.\n\nThe following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.\n\n* Red Hat Ansible Engine 2\n* Red Hat Ceph Storage 2\n* Red Hat CloudForms 4\n* Red Hat Enterprise Linux 7\n* Red Hat Enterprise Virtualization\n* Red Hat Gluster Storage 3\n* Red Hat Openshift Container Platform\n* Red Hat Quick Cloud Installer\n* Red Hat Satellite 6\n* Red Hat Storage Console 2\n* Red Hat OpenStack Platform\n* Red Hat Update Infrastructure",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000805"
},
{
"category": "external",
"summary": "RHBZ#1637263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000805"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805"
}
],
"release_date": "2018-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-05T00:00:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2018:3497"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20181026.1.el7.src",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.noarch",
"7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20181026.1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-paramiko: Authentication bypass in auth_handler.py"
}
]
}
RHSA-2018:3347
Vulnerability from csaf_redhat - Published: 2018-10-30 12:39 - Updated: 2026-01-13 22:14Summary
Red Hat Security Advisory: python-paramiko security update
Severity
Critical
Notes
Topic: An update for python-paramiko is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.
Security Fix(es):
* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
9.8 (Critical)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-paramiko is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.\n\nSecurity Fix(es):\n\n* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3347",
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1637263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3347.json"
}
],
"title": "Red Hat Security Advisory: python-paramiko security update",
"tracking": {
"current_release_date": "2026-01-13T22:14:50+00:00",
"generator": {
"date": "2026-01-13T22:14:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2018:3347",
"initial_release_date": "2018-10-30T12:39:28+00:00",
"revision_history": [
{
"date": "2018-10-30T12:39:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-10-30T12:39:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:14:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-0:2.1.1-9.el7.src",
"product": {
"name": "python-paramiko-0:2.1.1-9.el7.src",
"product_id": "python-paramiko-0:2.1.1-9.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-paramiko@2.1.1-9.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-0:2.1.1-9.el7.noarch",
"product": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch",
"product_id": "python-paramiko-0:2.1.1-9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-paramiko@2.1.1-9.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"product": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"product_id": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-paramiko-doc@2.1.1-9.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Client-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7ComputeNode-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-0:2.1.1-9.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src"
},
"product_reference": "python-paramiko-0:2.1.1-9.el7.src",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-doc-0:2.1.1-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
},
"product_reference": "python-paramiko-doc-0:2.1.1-9.el7.noarch",
"relates_to_product_reference": "7Workstation-optional-7.6.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1000805",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1637263"
}
],
"notes": [
{
"category": "description",
"text": "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-paramiko: Authentication bypass in auth_handler.py",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.\n\nThe following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.\n\n* Red Hat Ansible Engine 2\n* Red Hat Ceph Storage 2\n* Red Hat CloudForms 4\n* Red Hat Enterprise Linux 7\n* Red Hat Enterprise Virtualization\n* Red Hat Gluster Storage 3\n* Red Hat Openshift Container Platform\n* Red Hat Quick Cloud Installer\n* Red Hat Satellite 6\n* Red Hat Storage Console 2\n* Red Hat OpenStack Platform\n* Red Hat Update Infrastructure",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Client-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Client-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7ComputeNode-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7ComputeNode-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-optional-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Workstation-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Workstation-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000805"
},
{
"category": "external",
"summary": "RHBZ#1637263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000805"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000805"
}
],
"release_date": "2018-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:39:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Client-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Client-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7ComputeNode-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7ComputeNode-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-optional-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Workstation-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Workstation-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3347"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Client-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Client-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Client-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Client-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7ComputeNode-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7ComputeNode-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7ComputeNode-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7ComputeNode-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Server-optional-Alt-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Server-optional-Alt-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Workstation-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Workstation-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch",
"7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.noarch",
"7Workstation-optional-7.6.Z:python-paramiko-0:2.1.1-9.el7.src",
"7Workstation-optional-7.6.Z:python-paramiko-doc-0:2.1.1-9.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "python-paramiko: Authentication bypass in auth_handler.py"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…