—
PYSEC-2018-19
상세
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / paramiko
최초 영향 버전:
0 수정 버전: fa29bd8446c8eab237f5187d28787727b4610516 수정
pip install --upgrade 'paramiko>=fa29bd8446c8eab237f5187d28787727b4610516' 참고
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516 [FIX]
- https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst [WEB]
- https://github.com/paramiko/paramiko/issues/1175 [REPORT]
- https://usn.ubuntu.com/3603-2/ [WEB]
- https://access.redhat.com/errata/RHSA-2018:0591 [ADVISORY]
- https://usn.ubuntu.com/3603-1/ [WEB]
- https://access.redhat.com/errata/RHSA-2018:0646 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:1125 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:1124 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:1213 [ADVISORY]
- http://www.securityfocus.com/bid/103713 [WEB]
- https://access.redhat.com/errata/RHSA-2018:1274 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:1328 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:1525 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2018:1972 [ADVISORY]
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html [WEB]
- https://www.exploit-db.com/exploits/45712/ [WEB]
- https://github.com/advisories/GHSA-232r-66cg-79px [ADVISORY]