Описание
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-asyncssh | fixed | 2.15.0-1 | package | |
| python-asyncssh | fixed | 2.10.1-2+deb12u2 | bookworm | package |
| python-asyncssh | no-dsa | buster | package |
Примечания
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e (v2.14.1)
https://terrapin-attack.com/
EPSS
Связанные уязвимости
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Уязвимость пакета клиентской и серверной реализации протокола SSHv2 asyncssh интерпретатора языка программирования Python, позволяющая нарушителю проводить атаки типа "человек по середине"
EPSS