Bug 1557130 (CVE-2018-7750)
Summary: | CVE-2018-7750 python-paramiko: Authentication bypass in transport.py | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | | |
Version: | unspecified | CC: | |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | yjog: needinfo- |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | python-paramiko 1.17.6, python-paramiko 1.18.5, python-paramiko 2.0.8, python-paramiko 2.1.5, python-paramiko 2.2.3, python-paramiko 2.3.2, python-paramiko 2.4.1 | Doc Type: | If docs needed, set a value |
Doc Text: | It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2019-06-10 10:17:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1557131, 1557132, 1557134, 1557135, 1557139, 1557140, 1557141, 1557142, 1557150, 1557564, 1557565, 1557566, 1557568, 1557855, 1557856, 1558198, 1558199, 1561359, 1564049, 1564050, 1564051, 1564053, 1564374, 1564375, 1564376, 1564377, 1568093, 1568284, 1638846 | | |
Bug Blocks: | 1557133 | | |
Description
Sam Fowler
2018-03-16 04:42:33 UTC
Created python-paramiko tracking bugs for this issue:

Affects: fedora-all [bug 1557131]
Affects: epel-all [bug 1557132]

Created python-paramiko tracking bugs for this issue:

Affects: openstack-rdo [bug 1557134]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7 Extras

Via RHSA-2018:0591 https://access.redhat.com/errata/RHSA-2018:0591

This issue has been addressed in the following products:

Red Hat Ansible Engine 2 for RHEL 7

Via RHSA-2018:0646 https://access.redhat.com/errata/RHSA-2018:0646

With regards to openstack-rdo [bug 1557134], RDO uses packages in the CentOS extras repo, so we will get the fix for this CVE via an extras repo update in CentOS. I'll keep bug 1557134 updated.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6.4 Advanced Update Support
Red Hat Enterprise Linux 6.5 Advanced Update Support
Red Hat Enterprise Linux 6.6 Advanced Update Support
Red Hat Enterprise Linux 6.6 Telco Extended Update Support
Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:1125 https://access.redhat.com/errata/RHSA-2018:1125

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2018:1124 https://access.redhat.com/errata/RHSA-2018:1124

This issue has been addressed in the following products:

Red Hat Ansible Engine 2.4 for RHEL 7

Via RHSA-2018:1213 https://access.redhat.com/errata/RHSA-2018:1213

This issue has been addressed in the following products:

Red Hat Virtualization 4 for RHEL-7
Red Hat Virtualization Engine 4.1

Via RHSA-2018:1274 https://access.redhat.com/errata/RHSA-2018:1274

This issue has been addressed in the following products:

CloudForms Management Engine 5.9

Via RHSA-2018:1328 https://access.redhat.com/errata/RHSA-2018:1328

This issue has been addressed in the following products:

Red Hat Virtualization 4 for RHEL-7

Via RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:1525

This issue has been addressed in the following products:

CloudForms Management Engine 5.8

Via RHSA-2018:1972 https://access.redhat.com/errata/RHSA-2018:1972

Statement:

This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.

The following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.

* Red Hat Ceph Storage 2
* Red Hat CloudForms 4
* Red Hat Enterprise Linux 7
* Red Hat Enterprise Virtualization
* Red Hat Gluster Storage 3
* Red Hat Openshift Container Platform
* Red Hat Quick Cloud Installer
* Red Hat Satellite 6
* Red Hat Storage Console 2
* Red Hat OpenStack Platform
* Red Hat Update Infrastructure

Satellite 6 before 6.3 was shipping paramiko for ansible and openshift-ansible. Right now paramiko gets pulled in as an ansible dependency, thus Satellite does not need a separate erratum.

* Earlier Satellite 6.3 paramiko dep --

~~~
[ytale@cordelia manifests]$ grep -inr paramiko | grep sat
manifest-eol.txt:8826:rhn_satellite:6.3/python-paramiko-2.1.1-2.el7ae.noarch.rpm
~~~

* Satellite 6.6 paramiko dep --

~~~
[root@smqa-x3650-01-vm01 ~]# rpm -qi --whatrequires python-paramiko
Name        : ansible
Version     : 2.8.10
~~~
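The Doc Text and Statement above describe the flaw as a server-side transport that processed requests without first checking that user authentication had completed. The following added example (not paramiko's code and not part of this bug report) models such a dispatcher in miniature and replays the same client message sequence against an ungated variant and an auth-gated one; the message-type numbers are the RFC 4250 assignments, while the `ServerTransport` class, the `valid-credential` string and the two sequences are constructed for the illustration.

```python
# Added illustration for CVE-2018-7750; a model, not paramiko's own code.
# Message numbers are the RFC 4250 assignments: 1-49 transport layer,
# 50-79 user authentication, 80-127 connection protocol (channels, requests).
from dataclasses import dataclass, field

MSG_SERVICE_REQUEST = 5
MSG_USERAUTH_REQUEST = 50
MSG_GLOBAL_REQUEST = 80
MSG_CHANNEL_OPEN = 90

@dataclass
class ServerTransport:
    gate_on_auth: bool                 # False models the vulnerable dispatcher
    authenticated: bool = False
    channels: list = field(default_factory=list)

    def dispatch(self, msg_type: int, payload: str) -> str:
        # The fix, in spirit: connection-protocol messages (80 and up) are
        # refused until user authentication has completed.
        if self.gate_on_auth and msg_type >= 80 and not self.authenticated:
            return "disconnected"
        handlers = {
            MSG_SERVICE_REQUEST: lambda p: "service-accepted" if p == "ssh-userauth" else "disconnected",
            MSG_USERAUTH_REQUEST: self._userauth,
            MSG_GLOBAL_REQUEST: lambda p: "global-request:" + p,
            MSG_CHANNEL_OPEN: self._channel_open,
        }
        return handlers[msg_type](payload)

    def _userauth(self, credential: str) -> str:
        # Constructed stand-in for the key/password checks a ServerInterface does.
        self.authenticated = credential == "valid-credential"
        return "auth-success" if self.authenticated else "auth-failure"

    def _channel_open(self, kind: str) -> str:
        self.channels.append(kind)
        return "channel-opened:" + kind

def replay(gate_on_auth: bool, sequence: list) -> list:
    """Run one client message sequence through a dispatcher; return each outcome."""
    transport = ServerTransport(gate_on_auth=gate_on_auth)
    return [transport.dispatch(msg_type, payload) for msg_type, payload in sequence]

# Constructed client sequences: one never sends a userauth request, one does.
SKIPS_AUTH = [(MSG_SERVICE_REQUEST, "ssh-userauth"), (MSG_CHANNEL_OPEN, "session")]
AUTHENTICATES = [(MSG_SERVICE_REQUEST, "ssh-userauth"),
                 (MSG_USERAUTH_REQUEST, "valid-credential"),
                 (MSG_CHANNEL_OPEN, "session")]
```

Against the ungated dispatcher `replay(False, SKIPS_AUTH)` opens a session channel with no authentication at all, which is the behaviour the Doc Text describes; the gated variant returns `disconnected` for the same sequence and only opens the channel once `auth-success` has been recorded.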