Your submission was sent successfully! Close

CVE-2018-1000805

Published: 8 October 2018

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Notes

AuthorNote
ebarretto
with this issue, they decided to stop supporting versions 1.x
mdeslaur
this issue is in the server code, not the client code
Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
paramiko
Launchpad, Ubuntu, Debian
bionic
Released (2.0.0-1ubuntu1.1)
cosmic
Released (2.4.1-0ubuntu3.1)
precise
Released (1.7.7.1-2ubuntu1.2)
trusty
Released (1.10.1-1git1ubuntu0.2)
upstream
Released (2.4.2)
xenial
Released (1.16.0-1ubuntu0.2)
Patches:
upstream: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce