CVE-2008-0299

Gentoo Linux Security Advisory 200803-7

Severity Score

4.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

common.py in Paramiko 1.7.1 y versiones anteriores, cuando se utilizan hilos o procesos bifurcados, no utiliza apropiadamente RandomPool, lo cual permite a una sesión obtener información confidencial de otra sesión prediciendo el estado de la pila de conexiones.

Dwayne C. Litzenberger reported that the file common.py does not properly use RandomPool when using threads or forked processes. Versions less than 1.7.2 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-01-16 CVE Reserved
2008-01-16 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (12)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706	X_refsource_confirm
http://secunia.com/advisories/28488	Third Party Advisory
http://secunia.com/advisories/28510	Third Party Advisory
http://secunia.com/advisories/29168	Third Party Advisory
http://www.lag.net/pipermail/paramiko/2008-January/000599.html	X_refsource_misc
http://www.securityfocus.com/bid/27307	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=428727	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/39749	Vdb Entry

URL	Date	SRC
http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200803-07.xml	2017-08-08
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html	2017-08-08
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Python Software Foundation Search vendor "Python Software Foundation"		Paramiko Search vendor "Python Software Foundation" for product "Paramiko"				1.7.1 Search vendor "Python Software Foundation" for product "Paramiko" and version "1.7.1"		-		Affected