PRIOn knowledge basePRION:CVE-2008-0299

HistoryJan 16, 2008 - 11:00 p.m.

Session fixation

2008-01-1623:00:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

CPENameOperatorVersion
paramikoeq1.7.1

CPE	Name	Operator	Version
	paramiko	eq	1.7.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

secunia.com/advisories/28488

secunia.com/advisories/28510

secunia.com/advisories/29168

security.gentoo.org/glsa/glsa-200803-07.xml

www.lag.net/pipermail/paramiko/2008-January/000599.html

www.securityfocus.com/bid/27307

bugzilla.redhat.com/show_bug.cgi?id=428727

exchange.xforce.ibmcloud.com/vulnerabilities/39749

www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for PRION:CVE-2008-0299