[email protected]NVD:CVE-2008-0299

HistoryJan 16, 2008 - 11:00 p.m.

CVE-2008-0299

2008-01-1623:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.007

Percentile

80.2%

JSON

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Affected configurations

Nvd

Node

python_software_foundationparamikoMatch1.7.1

VendorProductVersionCPE
python_software_foundationparamiko1.7.1cpe:2.3:a:python_software_foundation:paramiko:1.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python_software_foundation	paramiko	1.7.1	cpe:2.3:a:python_software_foundation:paramiko:1.7.1:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

secunia.com/advisories/28488

secunia.com/advisories/28510

secunia.com/advisories/29168

security.gentoo.org/glsa/glsa-200803-07.xml

www.lag.net/pipermail/paramiko/2008-January/000599.html

www.securityfocus.com/bid/27307

bugzilla.redhat.com/show_bug.cgi?id=428727

exchange.xforce.ibmcloud.com/vulnerabilities/39749

www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.007

Percentile

80.2%

JSON

Related for NVD:CVE-2008-0299

debiancve1 osv2 openvas6 securityvulns2 github1 gentoo1 nessus3 ubuntucve1 prion1 cvelist1 cve1