A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step.
This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited.
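The missing check described above, as an added example that is not Paramiko's code: a simplified model of a server-side message dispatcher in which `enforce_auth=False` reproduces the flawed behaviour and the default applies the gate. The class, its method names and the disconnect policy for other pre-auth messages are assumptions; the message numbers are the standard SSH assignments from RFC 4250.

```python
# Simplified model of a server-side SSH message dispatcher (hypothetical
# names; not Paramiko's transport.py). Numbers are RFC 4250 assignments.
MSG_DISCONNECT = 1
MSG_USERAUTH_REQUEST = 50
HIGHEST_USERAUTH_MESSAGE_ID = 79  # 1..79: transport and user-auth messages
MSG_GLOBAL_REQUEST = 80
MSG_REQUEST_FAILURE = 82
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_OPEN_FAILURE = 92
MSG_CHANNEL_REQUEST = 98


class ServerSession:
    def __init__(self, enforce_auth=True):
        self.enforce_auth = enforce_auth  # False models the flawed behaviour
        self.authenticated = False
        self.handled = []  # connection-protocol messages that reached a handler

    def _gate(self, ptype):
        """Return a rejection reply type, or None if the message may proceed."""
        if ptype <= HIGHEST_USERAUTH_MESSAGE_ID or self.authenticated:
            return None
        if ptype == MSG_GLOBAL_REQUEST:
            return MSG_REQUEST_FAILURE
        if ptype == MSG_CHANNEL_OPEN:
            return MSG_CHANNEL_OPEN_FAILURE
        return MSG_DISCONNECT  # assumed policy for any other pre-auth message

    def dispatch(self, ptype, auth_ok=False):
        """Process one message; return a reply type or None."""
        if self.enforce_auth:
            reply = self._gate(ptype)
            if reply is not None:
                return reply  # rejected before any handler runs
        if ptype == MSG_USERAUTH_REQUEST:
            if auth_ok:  # stand-in for a real credential check
                self.authenticated = True
            return None
        if ptype > HIGHEST_USERAUTH_MESSAGE_ID:
            self.handled.append(ptype)  # channel/global handler would run here
        return None
```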
sudo dnf upgrade --advisory=FEDORA-EPEL-2018-86171fce03
| submitted | a year ago |
| in testing | a year ago |
| in stable | a year ago |
| 0 | 0 | #1557130 CVE-2018-7750 python-paramiko: Authentication bypass in transport.py |
| 0 | 0 | #1557132 CVE-2018-7750 python-paramiko: Authentication bypass in transport.py [epel-all] |