Vulnerability Details : CVE-2008-2285
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
Products affected by CVE-2008-2285
- cpe:2.3:a:ubuntu:linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu:linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu:linux:8.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-2285
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-2285
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2008-2285
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2285
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/42568
ssh-vulnkey authorized_keys weak security CVE-2008-2285 Vulnerability Report
-
http://www.ubuntu.com/usn/usn-612-5
USN-612-5: OpenSSH update | Ubuntu security notices | Ubuntu
Jump to