Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0299

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0299
Last Modified 05 Sep 2008 05:34:42
Published 16 Jan 2008 06:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0299

Summary

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Vulnerable Systems

Application

  • Python Software Foundation Paramiko 1.7.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=428727

MISC - http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

FEDORA - FEDORA-2008-0722

FEDORA - FEDORA-2008-0644

XF - paramiko-randompool-info-disclosure(39749)

BID - 27307

GENTOO - GLSA-200803-07

SECUNIA - 29168

SECUNIA - 28510

SECUNIA - 28488


Last Updated: 27 May 2016 10:46:45