Vulnerability Details : CVE-2008-3234
Potential exploit
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Products affected by CVE-2008-3234
- cpe:2.3:a:openbsd:openssh:4.0:\*:\*:\*:\*:\*:\*:\* (when used together with: Debian » Debian Linux)
Exploit prediction scoring system (EPSS) score for CVE-2008-3234
- 2.26%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3234
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
CWE ids for CVE-2008-3234
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3234
- Red Hat, 2008-07-21: Upon investigating this issue, the Red Hat Security Response Team has determined that this is not a vulnerability. The ability to specify a desired role when connecting to OpenSSH is a feature of how OpenSSH interacts with SELinux. Users can only assign themselves SELinux roles which they have permission to access. They cannot assign themselves arbitrary roles.
References for CVE-2008-3234
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44037
  OpenSSH sshd SELinux role unauthorized access CVE-2008-3234 Vulnerability Report
- http://www.securityfocus.com/bid/30276
  Exploit
- https://www.exploit-db.com/exploits/6094
  Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation - Linux remote Exploit