Bug 1557130 (CVE-2018-7750) - CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
Summary: CVE-2018-7750 python-paramiko: Authentication bypass in transport.py
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-7750
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=critical,public=20180313,repor...
Depends On: 1557568 1557131 1557132 1557134 1557135 1557139 1557140 1557141 1557142 1557150 1557564 1557565 1557566 1557855 1557856 1558198 1558199 1561359 1564049 1564050 1564051 1564053 1564374 1564375 1564376 1564377 1568093 1568284 1638846
Blocks: 1557133
TreeView+ depends on / blocked
 
Reported: 2018-03-16 04:42 UTC by Sam Fowler
Modified: 2019-07-31 15:24 UTC (History)
75 users (show)

Fixed In Version: python-paramiko 1.17.6, python-paramiko 1.18.5, python-paramiko 2.0.8, python-paramiko 2.1.5, python-paramiko 2.2.3, python-paramiko 2.3.2, python-paramiko 2.4.1
Doc Type: If docs needed, set a value
Doc Text:
It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko.
Clone Of:
Environment:
Last Closed: 2019-06-10 10:17:44 UTC
yjog: needinfo-


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0591 None None None 2018-03-26 14:45:16 UTC
Red Hat Product Errata RHSA-2018:0646 None None None 2018-04-05 16:39:03 UTC
Red Hat Product Errata RHSA-2018:1124 None None None 2018-04-12 21:41:26 UTC
Red Hat Product Errata RHSA-2018:1125 None None None 2018-04-12 21:33:58 UTC
Red Hat Product Errata RHSA-2018:1213 None None None 2018-04-24 09:04:40 UTC
Red Hat Product Errata RHSA-2018:1274 None None None 2018-05-02 13:10:44 UTC
Red Hat Product Errata RHSA-2018:1328 None None None 2018-05-07 20:42:53 UTC
Red Hat Product Errata RHSA-2018:1525 None None None 2018-05-15 19:00:04 UTC
Red Hat Product Errata RHSA-2018:1972 None None None 2018-06-25 14:17:23 UTC

Description Sam Fowler 2018-03-16 04:42:33 UTC
A flaw was found in the implementation of transport.py in Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.


Upstream Issue:

https://github.com/paramiko/paramiko/issues/1175


Upstream Patch:

https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516

Comment 1 Sam Fowler 2018-03-16 04:43:39 UTC
Created python-paramiko tracking bugs for this issue:

Affects: fedora-all [bug 1557131]
Affects: epel-all [bug 1557132]

Comment 3 Sam Fowler 2018-03-16 05:00:06 UTC
Created python-paramiko tracking bugs for this issue:

Affects: openstack-rdo [bug 1557134]

Comment 26 errata-xmlrpc 2018-03-26 14:44:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2018:0591 https://access.redhat.com/errata/RHSA-2018:0591

Comment 35 errata-xmlrpc 2018-04-05 16:38:35 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Engine 2 for RHEL 7

Via RHSA-2018:0646 https://access.redhat.com/errata/RHSA-2018:0646

Comment 36 Alfredo Moralejo 2018-04-05 17:53:28 UTC
With regards to openstack-rdo [bug 1557134], RDO uses packages in CentOS extras repo so we will get the fix for this CVE via extras repo update in CentOS. I'll keep updated bug 1557134.

Comment 42 errata-xmlrpc 2018-04-12 21:33:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support
  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2018:1125 https://access.redhat.com/errata/RHSA-2018:1125

Comment 43 errata-xmlrpc 2018-04-12 21:40:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:1124 https://access.redhat.com/errata/RHSA-2018:1124

Comment 46 errata-xmlrpc 2018-04-24 09:04:09 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Engine 2.4 for RHEL 7

Via RHSA-2018:1213 https://access.redhat.com/errata/RHSA-2018:1213

Comment 49 errata-xmlrpc 2018-05-02 13:10:15 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for RHEL-7
  Red Hat Virtualization Engine 4.1

Via RHSA-2018:1274 https://access.redhat.com/errata/RHSA-2018:1274

Comment 50 errata-xmlrpc 2018-05-07 20:42:22 UTC
This issue has been addressed in the following products:

  CloudForms Management Engine 5.9

Via RHSA-2018:1328 https://access.redhat.com/errata/RHSA-2018:1328

Comment 51 errata-xmlrpc 2018-05-15 18:59:41 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for RHEL-7

Via RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:1525

Comment 52 errata-xmlrpc 2018-06-25 14:16:53 UTC
This issue has been addressed in the following products:

  CloudForms Management Engine 5.8

Via RHSA-2018:1972 https://access.redhat.com/errata/RHSA-2018:1972

Comment 54 Riccardo Schirone 2018-10-12 15:09:17 UTC
Statement:

This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.

The following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.

* Red Hat Ceph Storage 2
* Red Hat CloudForms 4
* Red Hat Enterprise Linux 7
* Red Hat Enterprise Virtualization
* Red Hat Gluster Storage 3
* Red Hat Openshift Container Platform
* Red Hat Quick Cloud Installer
* Red Hat Satellite 6
* Red Hat Storage Console 2
* Red Hat OpenStack Platform
* Red Hat Update Infrastructure


Note You need to log in before you can comment on or make changes to this bug.