—
PYSEC-2018-69
Details
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/paramiko/paramiko/issues/1283 [REPORT]
- https://usn.ubuntu.com/3796-2/ [WEB]
- https://usn.ubuntu.com/3796-1/ [WEB]
- https://usn.ubuntu.com/3796-3/ [WEB]
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html [WEB]
- https://access.redhat.com/errata/RHSA-2018:3406 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:3347 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:3505 [ADVISORY]
- https://access.redhat.com/errata/RHBA-2018:3497 [ADVISORY]
- https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt [WEB]
- https://github.com/advisories/GHSA-f2j6-wrhh-v25m [ADVISORY]