CVE-2018-7750 Information
Description
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
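The affected ranges in the description, expressed as a check against an installed version. This is an added example, not part of the CVE record or of Paramiko's own code; the names `parse_version` and `is_affected` are hypothetical, and a branch the description does not list is treated as affected only if it is older than 1.17.6.

```python
import re

# First fixed release per branch, taken from the description above.
FIXED = {
    (1, 17): (1, 17, 6),
    (1, 18): (1, 18, 5),
    (2, 0): (2, 0, 8),
    (2, 1): (2, 1, 5),
    (2, 2): (2, 2, 3),
    (2, 3): (2, 3, 2),
    (2, 4): (2, 4, 1),
}
OLDEST_FIX = (1, 17, 6)  # "before 1.17.6" covers every older branch


def parse_version(text):
    """Return (major, minor, patch) from strings such as '2.4.0' or '1.18'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(version_text):
    """True if the version falls in a range the CVE description lists."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return version < fixed
    # Branch not listed (assumption): affected only if older than the oldest fix.
    return version < OLDEST_FIX


if __name__ == "__main__":
    try:
        import paramiko  # only needed when checking the local install
    except ImportError:
        print("paramiko is not installed")
    else:
        state = "AFFECTED" if is_affected(paramiko.__version__) else "not affected"
        print(f"paramiko {paramiko.__version__}: {state} by CVE-2018-7750")
```

The description places the flaw in the SSH server implementation, so hosts that run Paramiko in server mode are the ones to prioritise when this check reports an affected version.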
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/103713
https://access.redhat.com/errata/RHSA-2018:0591
https://access.redhat.com/errata/RHSA-2018:0646
https://access.redhat.com/errata/RHSA-2018:1124
https://access.redhat.com/errata/RHSA-2018:1125
https://access.redhat.com/errata/RHSA-2018:1213
https://access.redhat.com/errata/RHSA-2018:1274
https://access.redhat.com/errata/RHSA-2018:1328
https://access.redhat.com/errata/RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2018:1972
https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
https://github.com/paramiko/paramiko/issues/1175
https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
https://usn.ubuntu.com/3603-1/
https://usn.ubuntu.com/3603-2/
https://www.exploit-db.com/exploits/45712/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH