Lucene search

UbuntuUSN-5351-1

HistoryMar 28, 2022 - 12:00 a.m.

Paramiko vulnerability

2022-03-2800:00:00

ubuntu.com

paramiko

ubuntu

18.04 lts

20.04 lts

21.10

ssh2 library

private keys

permissions

vulnerability

jan schejbal

esm

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Releases

Ubuntu 21.10
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM

Packages

paramiko - Python SSH2 library

Details

Jan Schejbal discovered that Paramiko incorrectly handled permissions when
writing private key files. A local attacker could possibly use this issue
to gain access to private keys.

OSVersionArchitecturePackageVersionFilename
Ubuntu21.10noarchpython3-paramiko< 2.7.2-1ubuntu1.1UNKNOWN
Ubuntu21.10noarchparamiko-doc< 2.7.2-1ubuntu1.1UNKNOWN
Ubuntu20.04noarchpython3-paramiko< 2.6.0-2ubuntu0.1UNKNOWN
Ubuntu20.04noarchparamiko-doc< 2.6.0-2ubuntu0.1UNKNOWN
Ubuntu18.04noarchpython3-paramiko< 2.0.0-1ubuntu1.3UNKNOWN
Ubuntu18.04noarchparamiko-doc< 2.0.0-1ubuntu1.3UNKNOWN
Ubuntu18.04noarchpython-paramiko< 2.0.0-1ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	21.10	noarch	python3-paramiko	< 2.7.2-1ubuntu1.1	UNKNOWN
Ubuntu	21.10	noarch	paramiko-doc	< 2.7.2-1ubuntu1.1	UNKNOWN
Ubuntu	20.04	noarch	python3-paramiko	< 2.6.0-2ubuntu0.1	UNKNOWN
Ubuntu	20.04	noarch	paramiko-doc	< 2.6.0-2ubuntu0.1	UNKNOWN
Ubuntu	18.04	noarch	python3-paramiko	< 2.0.0-1ubuntu1.3	UNKNOWN
Ubuntu	18.04	noarch	paramiko-doc	< 2.0.0-1ubuntu1.3	UNKNOWN
Ubuntu	18.04	noarch	python-paramiko	< 2.0.0-1ubuntu1.3	UNKNOWN