Information Disclosure Vulnerability in Paramiko by IronPort Systems
CVE-2008-0299

Currently unrated

Key Information:

Vendor: Python Software Foundation
Status: Paramiko
Vendor: CVE Published:; 16 January 2008

🔔 Create Python Software Foundation Vulnerability Alert

What is CVE-2008-0299?

In versions of Paramiko prior to 1.7.1, an information disclosure vulnerability exists due to improper management of the RandomPool when utilizing threads or forked processes. This design flaw enables one session to potentially expose sensitive information from other active sessions by accurately predicting the state of the RandomPool. This can lead to unauthorized access to critical session data, compromising the integrity and confidentiality of the system.

References

https://bugzilla.redhat.com/show_bug.cgi?id=428727

x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

https://exchange.xforce.ibmcloud.com/vulnerabilities/39749

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2008
Vulnerability Reserved
Jan 16, 2008

JSON