CVE-2008-0299
| Name | CVE-2008-0299 |
| Source | CVE (at NVD; RH) |
| Description | common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. |
| NVD severity | medium (attack range: remote) |
| Debian Bugs | 460706 |
| Debian/oldstable | not vulnerable. |
| Debian/stable | not vulnerable. |
| Debian/testing | not vulnerable. |
| Debian/unstable | not vulnerable. |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| paramiko (PTS) | lenny | 1.7.4-0.1 | fixed |
| squeeze | 1.7.6-5 | fixed |
| wheezy, sid | 1.7.7.1-2 | fixed |
The information above is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| paramiko | source | (unstable) | 1.6.4-1.1 | low | | 460706 |
Notes
[etch] - paramiko <no-dsa> (Minor issue)
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
Home - Testing Security Team - Debian Security - Imprint