CVE-2008-0299

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch	Exploit
http://secunia.com/advisories/28488
http://secunia.com/advisories/28510
http://secunia.com/advisories/29168
http://security.gentoo.org/glsa/glsa-200803-07.xml
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
http://www.securityfocus.com/bid/27307
https://bugzilla.redhat.com/show_bug.cgi?id=428727
https://exchange.xforce.ibmcloud.com/vulnerabilities/39749
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch	Exploit
http://secunia.com/advisories/28488
http://secunia.com/advisories/28510
http://secunia.com/advisories/29168
http://security.gentoo.org/glsa/glsa-200803-07.xml
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
http://www.securityfocus.com/bid/27307
https://bugzilla.redhat.com/show_bug.cgi?id=428727
https://exchange.xforce.ibmcloud.com/vulnerabilities/39749
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:python_software_foundation:paramiko:1.7.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:41

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706 -
References	~~() http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch - Exploit~~	() http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch - Exploit
References	~~() http://secunia.com/advisories/28488 -~~	() http://secunia.com/advisories/28488 -
References	~~() http://secunia.com/advisories/28510 -~~	() http://secunia.com/advisories/28510 -
References	~~() http://secunia.com/advisories/29168 -~~	() http://secunia.com/advisories/29168 -
References	~~() http://security.gentoo.org/glsa/glsa-200803-07.xml -~~	() http://security.gentoo.org/glsa/glsa-200803-07.xml -
References	~~() http://www.lag.net/pipermail/paramiko/2008-January/000599.html -~~	() http://www.lag.net/pipermail/paramiko/2008-January/000599.html -
References	~~() http://www.securityfocus.com/bid/27307 -~~	() http://www.securityfocus.com/bid/27307 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=428727 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=428727 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/39749 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/39749 -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html -

Information

Published : 2008-01-16 23:00

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0299

Mitre link : CVE-2008-0299

CVE.ORG link : CVE-2008-0299

JSON object : View

Products Affected

python_software_foundation

paramiko

CWE

NVD-CWE-Other

4.3 /10