14 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...
Ubuntu: Security Advisory (USN-7108-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7108-2 python-asyncssh vulnerabilities
USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...
Ubuntu: Security Advisory (USN-7108-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : AsyncSSH vulnerabilities (USN-7108-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7108-1 advisory. Fabian Bumer, Marcus Brinkmann, and Jrg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An...
[SECURITY] [DLA 3899-1] python-asyncssh security update
Debian LTS Advisory DLA-3899-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 27, 2024 https://wiki.debian.org/LTS Package : python-asyncssh Version : 2.5.0-0.1+deb11u1 CVE ID : CVE-2023-46445 CVE-2023-46446 CVE-2023-48795 Debian Bug : 1055999 1056000...
Debian dla-3899 : python-asyncssh-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3899 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3899-1 [email protected]...
K000138577: Python-asyncssh vulnerability CVE-2023-46446
Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." CVE-2023-46446 Impact There is no impact; F5 products are not affected by this...
Fedora 39 : python-asyncssh (2023-d2956318e4)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d2956318e4 advisory. Security fix for CVE-2023-46446 and CVE-2023-46445 Tenable has extracted the preceding description block directly from the Fedora security advisory...
CVE-2023-46446
A flaw was found in python-synch before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...
aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)
asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46446 Source advisory: OSV:PYSEC-2023-239...
CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
CVE-2023-46446
CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...
aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)
asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46446 Source advisory: OSV:GHSA-C35Q-FFPF-5QPM...