CVE-2008-0299 - common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly u

CVE-2008-0299

Summary

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

References

Vulnerable Configurations

cpe:2.3:a:python_software_foundation:paramiko:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:python_software_foundation:paramiko:1.7.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	27307
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706 https://bugzilla.redhat.com/show_bug.cgi?id=428727
fedora	FEDORA-2008-0644 FEDORA-2008-0722
gentoo	GLSA-200803-07
misc	http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch http://www.lag.net/pipermail/paramiko/2008-January/000599.html
secunia	28488 28510 29168
xf	paramiko-randompool-info-disclosure(39749)

Last major update

08-08-2017 - 01:29

Published

16-01-2008 - 23:00

Last modified

08-08-2017 - 01:29