Lucene search

[email protected]CVE-2008-0299

HistoryJan 16, 2008 - 11:00 p.m.

CVE-2008-0299

2008-01-1623:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2008-0299

paramiko

information security

vulnerability

randompool

5.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.7%

JSON

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

CPENameOperatorVersion
python_software_foundation:paramikopython software foundation paramikoeq1.7.1

CPE	Name	Operator	Version
python_software_foundation:paramiko	python software foundation paramiko	eq	1.7.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

secunia.com/advisories/28488

secunia.com/advisories/28510

secunia.com/advisories/29168

security.gentoo.org/glsa/glsa-200803-07.xml

www.lag.net/pipermail/paramiko/2008-January/000599.html

www.securityfocus.com/bid/27307

bugzilla.redhat.com/show_bug.cgi?id=428727

exchange.xforce.ibmcloud.com/vulnerabilities/39749

www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

5.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2008-0299

openvas6 osv2 gentoo1 debiancve1 securityvulns2 nessus3 ubuntucve1 prion1 github1