First published: Wed Oct 17 2018
Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.
Affected Software | Ubuntu release | Affected Version | How to fix |
---|---|---|---|
ubuntu/python-paramiko | 18.04 | <2.0.0-1ubuntu1.1 | 2.0.0-1ubuntu1.1 |
ubuntu/python3-paramiko | 18.04 | <2.0.0-1ubuntu1.1 | 2.0.0-1ubuntu1.1 |
ubuntu/python-paramiko | 16.04 | <1.16.0-1ubuntu0.2 | 1.16.0-1ubuntu0.2 |
ubuntu/python3-paramiko | 16.04 | <1.16.0-1ubuntu0.2 | 1.16.0-1ubuntu0.2 |
ubuntu/python-paramiko | 14.04 | <1.10.1-1git1ubuntu0.2 | 1.10.1-1git1ubuntu0.2 |
The vulnerability ID of USN-3796-1 is CVE-2018-1000805.
The severity of CVE-2018-1000805 is high.
The Paramiko vulnerability affects Ubuntu versions 18.04, 16.04, and 14.04.
A remote attacker can exploit the Paramiko vulnerability to bypass authentication without any credentials.
To fix the Paramiko vulnerability in Ubuntu, update the python-paramiko and python3-paramiko packages to version 2.0.0-1ubuntu1.1 or later for Ubuntu 18.04 and version 1.16.0-1ubuntu0.2 or later for Ubuntu 16.04 and 14.04.