Описание
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko.
Отчет
This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing paramiko.ServerInterface). Where paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited.
The following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.
- Red Hat Ceph Storage 2
- Red Hat CloudForms 4
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Virtualization
- Red Hat Gluster Storage 3
- Red Hat Openshift Container Platform
- Red Hat Quick Cloud Installer
- Red Hat Satellite 6
- Red Hat Storage Console 2
- Red Hat OpenStack Platform
- Red Hat Update Infrastructure
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | python-paramiko | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-paramiko | Will not fix | ||
| Red Hat OpenShift Enterprise 3 | python-paramiko | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | python-paramiko | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | python-paramiko | Will not fix | ||
| Red Hat OpenStack Platform 12 (Pike) | python-paramiko | Will not fix | ||
| Red Hat OpenStack Platform 13 (Queens) | python-paramiko | Affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | python-paramiko | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | python-paramiko | Will not fix | ||
| Red Hat Quickstart Cloud Installer 1 | python-paramiko | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
transport.py in the SSH server implementation of Paramiko before 1.17. ...
EPSS
9.8 Critical
CVSS3