Lucene search

UbuntuUSN-5351-2

HistoryMar 29, 2022 - 12:00 a.m.

Paramiko vulnerability

2022-03-2900:00:00

ubuntu.com

paramiko ssh2 library

ubuntu 16.04 esm

permissions handling vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Releases

Ubuntu 16.04 ESM

Packages

paramiko - Python SSH2 library

Details

USN-5351-1 fixed a vulnerability in Paramiko. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Jan Schejbal discovered that Paramiko incorrectly handled permissions when
writing private key files. A local attacker could possibly use this issue
to gain access to private keys.

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchpython3-paramiko< 1.16.0-1ubuntu0.2+esm2UNKNOWN
Ubuntu16.04noarchparamiko-doc< 1.16.0-1ubuntu0.2UNKNOWN
Ubuntu16.04noarchpython-paramiko< 1.16.0-1ubuntu0.2UNKNOWN
Ubuntu16.04noarchpython3-paramiko< 1.16.0-1ubuntu0.2UNKNOWN
Ubuntu16.04noarchparamiko-doc< 1.16.0-1ubuntu0.2+esm2UNKNOWN
Ubuntu16.04noarchpython-paramiko< 1.16.0-1ubuntu0.2+esm2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	16.04	noarch	python3-paramiko	< 1.16.0-1ubuntu0.2+esm2	UNKNOWN
Ubuntu	16.04	noarch	paramiko-doc	< 1.16.0-1ubuntu0.2	UNKNOWN
Ubuntu	16.04	noarch	python-paramiko	< 1.16.0-1ubuntu0.2	UNKNOWN
Ubuntu	16.04	noarch	python3-paramiko	< 1.16.0-1ubuntu0.2	UNKNOWN
Ubuntu	16.04	noarch	paramiko-doc	< 1.16.0-1ubuntu0.2+esm2	UNKNOWN
Ubuntu	16.04	noarch	python-paramiko	< 1.16.0-1ubuntu0.2+esm2	UNKNOWN