cbcvebase.
CVE-2008-2285
published 2008-05-18

CVE-2008-2285: The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote…

PriorityP421medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.69%
74.2th percentile
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianopenssh< openssh 1:4.7p1-10 (bookworm)openssh 1:4.7p1-10 (bookworm)
openbsdopenssh>= 0 < 1:4.7p1-101:4.7p1-10
openbsdopenssh>= 0 < 1:4.7p1-101:4.7p1-10
openbsdopenssh>= 0 < 1:4.7p1-101:4.7p1-10
openbsdopenssh>= 0 < 1:4.7p1-101:4.7p1-10
ubuntulinux
ubuntulinux
ubuntulinux

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.