A flaw was found in the implementation of transport.py
in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step (CVE-2018-7750). This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient
), the vulnerability is not exposed and thus cannot be exploited.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | python-paramiko | <Â 2.0.8-1 | python-paramiko-2.0.8-1.mga6 |