Detections
Analytics

CVE-2008-0299

medium

Description

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

References

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/39749

https://bugzilla.redhat.com/show_bug.cgi?id=428727

http://www.securityfocus.com/bid/27307

http://www.lag.net/pipermail/paramiko/2008-January/000599.html

http://security.gentoo.org/glsa/glsa-200803-07.xml

http://secunia.com/advisories/29168

http://secunia.com/advisories/28510

http://secunia.com/advisories/28488

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

Details

Source: Mitre, NVD

Published: 2008-01-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: Medium