CVE-2008-0299

N/A Unknown

Published: January 16, 2008 Modified: April 23, 2026

Description

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

Source: cve@mitre.org

http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/28488

Source: cve@mitre.org

http://secunia.com/advisories/28510

Source: cve@mitre.org

http://secunia.com/advisories/29168

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200803-07.xml

Source: cve@mitre.org

http://www.lag.net/pipermail/paramiko/2008-January/000599.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/27307

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=428727

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/39749

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706