CVE-2008-3844
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
Ciertos paquetes Red Hat Enterprise Linux (RHEL) 4 y 5 para OpenSSH, como fueron firmados en agosto de 2008 usando una clave Red Hat GPG legítima, contienen una modificación introducida externamente (Trojan Horse) que permite a los autores de los paquetes tener un impacto desconocido. NOTA: como los paquetes maliciosos no fueron distribuidos por ninguna fuente Red Hat oficial, el impacto de este problema está restringido a usuarios que pudieran haber obtenido estos paquetes a través de puntos de distribución no oficiales. Como en 20080827, los distribuidores no oficiales de este software son conocidos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-27 CVE Reserved
- 2008-08-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1020730 | Third Party Advisory | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm | Third Party Advisory | |
| http://www.redhat.com/security/data/openssh-blacklist.html | Third Party Advisory | |
| http://www.securityfocus.com/bid/30794 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/2821 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44747 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2008-0855.html | 2017-08-08 | |
| https://access.redhat.com/security/cve/CVE-2008-3844 | 2008-08-22 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1618333 | 2008-08-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 4.5.z Search vendor "Redhat" for product "Enterprise Linux" and version "4.5.z" | as |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 4.5.z Search vendor "Redhat" for product "Enterprise Linux" and version "4.5.z" | es |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0" | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 4 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "4" | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5" | client |
Safe
|