
exploitDog

CVE-2018-1000805

Published: 07 Sep 2018
Source: redhat
CVSS3: 9.8
EPSS: Low

Description

Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

Report

This flaw is a user authentication bypass in the SSH server functionality of paramiko (normally used by subclassing paramiko.ServerInterface). Where paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited. The following Red Hat products use paramiko only in client-side mode; the server-side functionality is not used.

  • Red Hat Ansible Engine 2
  • Red Hat Ceph Storage 2
  • Red Hat CloudForms 4
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Virtualization
  • Red Hat Gluster Storage 3
  • Red Hat Openshift Container Platform
  • Red Hat Quick Cloud Installer
  • Red Hat Satellite 6
  • Red Hat Storage Console 2
  • Red Hat OpenStack Platform
  • Red Hat Update Infrastructure

Affected packages

Platform | Package | Status | Recommendation | Release
CloudForms Management Engine 5 | python-paramiko | Out of support scope | - | -
Red Hat Ansible Engine 2 | ansible | Will not fix | - | -
Red Hat Ceph Storage 2 | python-paramiko | Affected | - | -
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-paramiko | Will not fix | - | -
Red Hat OpenShift Container Platform 3.2 | python-paramiko | Out of support scope | - | -
Red Hat OpenShift Container Platform 3.3 | python-paramiko | Out of support scope | - | -
Red Hat OpenShift Container Platform 3.4 | python-paramiko | Out of support scope | - | -
Red Hat OpenShift Container Platform 3.5 | python-paramiko | Out of support scope | - | -
Red Hat OpenShift Container Platform 3.6 | python-paramiko | Out of support scope | - | -
Red Hat OpenShift Container Platform 3.7 | python-paramiko | Out of support scope | - | -

Additional information

Status:

Critical
Weakness:
CWE-305
https://bugzilla.redhat.com/show_bug.cgi?id=1637263
python-paramiko: Authentication bypass in auth_handler.py

EPSS

Percentile: 60%
0.00407
Low

9.8 Critical

CVSS3

Related vulnerabilities

CVSS3: 8.8
ubuntu
about 7 years ago

Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

CVSS3: 8.8
nvd
about 7 years ago

Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.

CVSS3: 8.8
debian
about 7 years ago

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...

suse-cvrf
more than 6 years ago

Security update for python-paramiko

suse-cvrf
about 3 years ago

Security update for python-paramiko
