CVE-2008-0299

Published: Jan 16, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Affected (1)

Products: Python Software Foundation: Paramiko

Python Software Foundation

1 product

Paramiko

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Python Software Foundation Paramiko	Version 1.7.1

References (24)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

Source: cve@mitre.org

http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/28488

Source: cve@mitre.org

http://secunia.com/advisories/28510

Source: cve@mitre.org

http://secunia.com/advisories/29168

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200803-07.xml

Source: cve@mitre.org

http://www.lag.net/pipermail/paramiko/2008-January/000599.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/27307

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=428727

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/39749

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706