Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2008-0299 - CERT CVE
CVE-2008-0299
ID
CVE-2008-0299
Sažetak
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
Reference
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch
http://secunia.com/advisories/28488
http://secunia.com/advisories/28510
http://secunia.com/advisories/29168
http://security.gentoo.org/glsa/glsa-200803-07.xml
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
http://www.securityfocus.com/bid/27307
https://bugzilla.redhat.com/show_bug.cgi?id=428727
https://exchange.xforce.ibmcloud.com/vulnerabilities/39749
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html
CVSS
Base:
4.3
Impact:
2.9
Exploitability:
8.6
Pristup
Vektor
Složenost
Autentikacija
NETWORK
MEDIUM
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
PARTIAL
NONE
NONE
CVSS vektor
AV:N/AC:M/Au:N/C:P/I:N/A:N
Zadnje važnije ažuriranje
08-08-2017 - 01:29
Objavljeno
16-01-2008 - 23:00