Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHBA-2018:3497 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3347 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3406 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3505 | Third Party Advisory |
https://github.com/paramiko/paramiko/issues/1283 | Patch Third Party Advisory |
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt | Broken Link |
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3796-1/ | Third Party Advisory |
https://usn.ubuntu.com/3796-2/ | Third Party Advisory |
https://usn.ubuntu.com/3796-3/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
06 Apr 2022, 18:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
CWE | CWE-863 | |
References | (MISC) https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt - Broken Link | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html - Mailing List, Third Party Advisory |
28 Dec 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-10-08 15:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-1000805
Mitre link : CVE-2018-1000805
CVE.ORG link : CVE-2018-1000805
JSON object : View
Products Affected
debian
- debian_linux
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_eus
- enterprise_linux_server_tus
- enterprise_linux_server
- ansible_tower
- enterprise_linux_workstation
- enterprise_linux_desktop
- virtualization_host
paramiko
- paramiko
canonical
- ubuntu_linux
CWE
CWE-863
Incorrect Authorization