- Vulnerability/
- USN-3796-3
USN-3796-3: Paramiko vulnerability
First published: Mon Oct 22 2018(Updated: )
USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-paramiko | <2.4.1-0ubuntu3.1 | 2.4.1-0ubuntu3.1 |
| =18.10 | ||
| All of | ||
| ubuntu/python-paramiko | <2.4.1-0ubuntu3.1 | 2.4.1-0ubuntu3.1 |
| =18.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Paramiko vulnerability?
The vulnerability ID is USN-3796-3.
What is the affected software?
The affected software is python3-paramiko version 2.4.1-0ubuntu3.1 on Ubuntu 18.10.
How can an attacker exploit this vulnerability?
An attacker can bypass authentication when Paramiko is used as a server.
How can I fix this vulnerability?
You can fix this vulnerability by updating to version 2.4.1-0ubuntu3.1 of python3-paramiko.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu security website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-3796-2
- anchor-related/USN-3796-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.10