Project

General

Profile

Bug #10021

Bug #10020: py-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

[3.8] py-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

Added by Alicha CH about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
02/21/2019
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:
CVE-2018-1000805

Description

Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in
paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code.

Fixed In Version:

python-paramiko 2.4.2, python-paramiko 2.3.3, python-paramiko 2.2.4, python-paramiko 2.1.6, python-paramiko 2.0.9

References:

https://github.com/paramiko/paramiko/issues/1283
https://nvd.nist.gov/vuln/detail/CVE-2018-1000805

Patch:

https://github.com/paramiko/paramiko/commit/56c96a65

Associated revisions

Revision d6448b76 (diff)
Added by Leonardo Arena about 2 months ago

main/py-paramiko: security upgrade to 2.4.2 (CVE-2018-1000805)

Fixes #10021

History

#1 Updated by Anonymous about 2 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 1 month ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF