Vulnerability Details : CVE-2008-0299
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
Products affected by CVE-2008-0299
- cpe:2.3:a:python_software_foundation:paramiko:1.7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0299
- 0.91%: probability of exploitation activity in the next 30 days
- ~83%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0299
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2008-0299
- https://bugzilla.redhat.com/show_bug.cgi?id=428727
  428727 – (CVE-2008-0299) CVE-2008-0299 Paramiko insecure use of RandomPool
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html
  [SECURITY] Fedora 7 Update: python-paramiko-1.7.1-3.fc7
- http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch
  Exploit
- http://www.securityfocus.com/bid/27307
- http://security.gentoo.org/glsa/glsa-200803-07.xml
  Paramiko: Information disclosure (GLSA 200803-07) — Gentoo security
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
  #460706 - python-paramiko: CVE-2008-0299 insecure use of RandomPool - Debian Bug report logs
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39749
  paramiko RandomPool information disclosure CVE-2008-0299 Vulnerability Report
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html
  [SECURITY] Fedora 8 Update: python-paramiko-1.7.1-3.fc8