Bug 1111151 (CVE-2018-1000805) - VUL-0: CVE-2018-1000805: python-paramiko: python-paramiko: Authentication bypass in auth_handler.py
Summary: VUL-0: CVE-2018-1000805: python-paramiko: python-paramiko: Authentication byp...
Status: RESOLVED FIXED
Alias: CVE-2018-1000805
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P2 - High, Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/216327/
Whiteboard: CVSSv3:SUSE:CVE-2018-1000805:9.8:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-09 06:48 UTC by Karol Babioch
Modified: 2024-05-16 13:50 UTC
CC: 17 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Karol Babioch 2018-10-09 06:48:21 UTC
rh#1637263

Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code.


Upstream Issue:

https://github.com/paramiko/paramiko/issues/1283


Upstream Patch:

https://github.com/paramiko/paramiko/commit/56c96a65

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1637263
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000805
Comment 1 Karol Babioch 2018-10-09 06:55:38 UTC
According to this bug and comment (https://bugzilla.suse.com/show_bug.cgi?id=1085276#c1) we are not using paramiko in server mode, so our products are not vulnerable to this. Still should be fixed eventually.
Comment 3 Jan Zerebecki 2019-01-03 11:16:40 UTC
Patching of 2.2.3 in SOC8 is discussed in bug #1120531.
Comment 7 Swamp Workflow Management 2019-01-04 11:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1111151) was mentioned in
https://build.opensuse.org/request/show/662763 Factory / python-paramiko
Comment 8 Keith Berger 2019-01-08 02:13:42 UTC
Patch submitted for SOC 8:

https://build.opensuse.org/request/show/662836

For SOC 7:

https://build.opensuse.org/request/show/662868
Comment 9 Keith Berger 2019-01-08 14:26:17 UTC
Patches accepted.
Comment 10 Nanuk Krinner 2019-01-08 17:04:01 UTC
Can we close this?
Comment 11 Marcus Meissner 2019-01-09 06:49:56 UTC
We will close the bug once everything is released.
Comment 16 Swamp Workflow Management 2019-01-25 20:12:08 UTC
SUSE-SU-2019:0174-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1111151,1115769,1121846
CVE References: CVE-2018-1000805
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    python-paramiko-2.4.2-3.3.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-paramiko-2.4.2-3.3.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    python-paramiko-2.4.2-3.3.2
Comment 17 Swamp Workflow Management 2019-02-04 14:09:37 UTC
openSUSE-SU-2019:0129-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1111151,1115769,1121846
CVE References: CVE-2018-1000805
Sources used:
openSUSE Leap 15.0 (src):    python-paramiko-2.4.2-lp150.2.3.1
Comment 18 Swamp Workflow Management 2019-02-14 17:16:57 UTC
SUSE-SU-2019:0396-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1111151,1120531
CVE References: CVE-2018-1000805
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    python-paramiko-2.2.4-4.3.1
SUSE OpenStack Cloud 8 (src):    python-paramiko-2.2.4-4.3.1
HPE Helion Openstack 8 (src):    python-paramiko-2.2.4-4.3.1
Comment 19 Swamp Workflow Management 2019-02-19 16:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1111151) was mentioned in
https://build.opensuse.org/request/show/677415 15.1 / python-paramiko
Comment 20 Swamp Workflow Management 2019-02-25 17:10:33 UTC
SUSE-SU-2019:0481-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1111151,1115099,1116437,1123054
CVE References: CVE-2018-1000805
Sources used:
SUSE OpenStack Cloud 7 (src):    python-amqp-1.4.9-3.3.1, python-oslo.messaging-5.10.2-3.9.1, python-ovs-2.5.0-3.3.1, python-paramiko-2.0.9-3.6.1, python-psql2mysql-0.5.0+git.1539592188.13e5d0f-1.9.1
SUSE Enterprise Storage 4 (src):    python-paramiko-2.0.9-3.6.1
OpenStack Cloud Magnum Orchestration 7 (src):    python-paramiko-2.0.9-3.6.1
Comment 23 Holger Sickenberg 2020-05-07 07:11:08 UTC
@Tom,@Nathan: python-radosgw-agent is requiring that within its requirement chain. I have copied paramiko-2.0.9 to Devel:Storage:5.0 with a fix for this issue. Can one of you make sure this is working for SES5?
Comment 24 Thomas Bechtold 2020-05-07 07:23:08 UTC
(In reply to Holger Sickenberg from comment #23)
> @Tom,@Nathan: python-radosgw-agent is requiring that within its requirement
> chain. I have copied paramiko-2.0.9 to Devel:Storage:5.0 with a fix for this
> issue. Can one of you make sure this is working for SES5?

@Holgi, it doesn't build. Tests are failing.
@Nathan, do we have any CI for radosgw-agent?
Comment 25 Nathan Cutler 2020-05-07 12:01:25 UTC
(In reply to Thomas Bechtold from comment #24)
> (In reply to Holger Sickenberg from comment #23)
> > @Tom,@Nathan: python-radosgw-agent is requiring that within its requirement
> > chain. I have copied paramiko-2.0.9 to Devel:Storage:5.0 with a fix for this
> > issue. Can one of you make sure this is working for SES5?
> 
> @Holgi, It doesn't build. Tests are failing.
> @Nathan, do we have any CI for radosgw-agent ?

@Holgi @Tom @All

"python-radosgw-agent" is an unused, unmaintained and undocumented tool which is only in SES5 for the purpose of deprecating it so it could be dropped in SES6. So there is no need to test it and the likelihood that any customers are using it is near zero.

I think the python-paramiko package (which isn't building) could simply be removed from Devel:Storage:5.0. I'm sure the security fix that ends up being implemented will be just fine for all the current users of "python-radosgw-agent".
Comment 34 Swamp Workflow Management 2020-05-14 10:15:27 UTC
SUSE-SU-2020:1274-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1111151
CVE References: CVE-2018-1000805
Sources used:
SUSE Enterprise Storage 5 (src):    python-paramiko-2.0.9-3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Matej Cepl 2020-06-08 09:40:48 UTC
Update has been released, this bug can be closed.
Comment 39 Swamp Workflow Management 2021-01-07 14:17:09 UTC
SUSE-SU-2021:0038-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1111151
CVE References: CVE-2018-1000805
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 12 (src):    python-paramiko-2.1.3-9.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 41 Swamp Workflow Management 2022-10-25 19:24:11 UTC
SUSE-SU-2022:3730-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1111151,1200603
CVE References: CVE-2018-1000805
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python-paramiko-2.4.3-150100.6.15.1
openSUSE Leap 15.3 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Manager Server 4.1 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Manager Retail Branch Server 4.1 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Manager Proxy 4.1 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Enterprise Storage 7 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE Enterprise Storage 6 (src):    python-paramiko-2.4.3-150100.6.15.1
SUSE CaaS Platform 4.0 (src):    python-paramiko-2.4.3-150100.6.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Carlos López 2023-03-24 11:40:08 UTC
Done, closing.