CVE-2018-1000805

CVE-2018-1000805

Name

CVE-2018-1000805

Description

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/paramiko/paramiko/issues/1283
Third Party Advisory	https://usn.ubuntu.com/3796-2/
Third Party Advisory	https://usn.ubuntu.com/3796-1/
Third Party Advisory	https://usn.ubuntu.com/3796-3/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3406
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3347
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3505
Third Party Advisory	https://access.redhat.com/errata/RHBA-2018:3497
Exploit	https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt

Type

URI

Patch

https://github.com/paramiko/paramiko/issues/1283

Third Party Advisory

https://usn.ubuntu.com/3796-2/

Third Party Advisory

https://usn.ubuntu.com/3796-1/

Third Party Advisory

https://usn.ubuntu.com/3796-3/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3406

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3347

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3505

Third Party Advisory

https://access.redhat.com/errata/RHBA-2018:3497

Exploit

https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:paramiko:paramiko:2.1.5:::::::*`	paramiko	== None	== 2.1.5
`cpe:2.3:a:paramiko:paramiko:1.18.5:::::::*`	paramiko	== None	== 1.18.5
`cpe:2.3:a:paramiko:paramiko:2.3.2:::::::*`	paramiko	== None	== 2.3.2
`cpe:2.3:a:paramiko:paramiko:2.2.3:::::::*`	paramiko	== None	== 2.2.3
`cpe:2.3:a:paramiko:paramiko:2.4.1:::::::*`	paramiko	== None	== 2.4.1
`cpe:2.3:a:paramiko:paramiko:2.0.8:::::::*`	paramiko	== None	== 2.0.8
`cpe:2.3:a:paramiko:paramiko:1.17.6:::::::*`	paramiko	== None	== 1.17.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:*

paramiko

== None

== 2.1.5

cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:*

paramiko

== None

== 1.18.5

cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:*

paramiko

== None

== 2.3.2

cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:*

paramiko

== None

== 2.2.3

cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:*

paramiko

== None

== 2.4.1

cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:*

paramiko

== None

== 2.0.8

cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:*

paramiko

== None

== 1.17.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
py3-paramiko	edge-main	2.4.2-r0	None	fixed
py3-paramiko	edge-community	2.4.2-r0	None	fixed
py3-paramiko	3.22-community	2.4.2-r0	None	fixed
py3-paramiko	3.21-community	2.4.2-r0	None	fixed
py3-paramiko	3.20-community	2.4.2-r0	None	fixed
py3-paramiko	3.19-community	2.4.2-r0	None	fixed
py3-paramiko	3.18-community	2.4.2-r0	None	fixed
py3-paramiko	3.17-community	2.4.2-r0	None	fixed
py3-paramiko	3.12-main	2.4.2-r0	None	fixed
py3-paramiko	3.11-main	2.4.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

py3-paramiko

edge-main

2.4.2-r0

None

fixed

py3-paramiko

edge-community