CVE-2008-0299

Sažetak

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch
http://secunia.com/advisories/28488
http://secunia.com/advisories/28510
http://secunia.com/advisories/29168
http://security.gentoo.org/glsa/glsa-200803-07.xml
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
http://www.securityfocus.com/bid/27307
https://bugzilla.redhat.com/show_bug.cgi?id=428727
https://exchange.xforce.ibmcloud.com/vulnerabilities/39749
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:29

Objavljeno

16-01-2008 - 23:00