Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-7750

Authentication bypass in transport.pytransport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. (CVE-2018-7750 )

Source

ALAS-2018-989

Amazon Linux AMI Security Advisory: ALAS-2018-989
Advisory Release Date: 2018-04-05 16:41 Pacific
Advisory Updated Date: 2018-04-05 23:15 Pacific

Severity: Critical

References: CVE-2018-7750

Issue Overview:

Authentication bypass in transport.py
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. (CVE-2018-7750 )

Affected Packages:

python-paramiko

Issue Correction:
Run yum update python-paramiko to update your system.

New Packages:

noarch:
    python26-paramiko-1.15.1-2.6.amzn1.noarch
    python27-paramiko-1.15.1-2.6.amzn1.noarch

src:
    python-paramiko-1.15.1-2.6.amzn1.src

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2018-989

ALAS-2018-989

Vulmon Search

About

Products

Connect