CVE-2008-2285

CWE-3108 documents8 sources
Severity
5.0MEDIUM
EPSS
0.4%
top 42.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ubuntu Linux
Timeline
PublishedMay 18
Latest updateMay 1

Description

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDubuntu/linux7.04, 7.10, 8.04+2
Debianopenssh< 1:4.7p1-10+3

🔴Vulnerability Details

3
GHSA
GHSA-9c93-c5gr-q8j9: The ssh-vulnkey tool on Ubuntu Linux 72022-05-01
CVEList
CVE-2008-2285: The ssh-vulnkey tool on Ubuntu Linux 72008-05-18
OSV
CVE-2008-2285: The ssh-vulnkey tool on Ubuntu Linux 72008-05-18

📋Vendor Advisories

3
Red Hat
libtiff: LZWDecodeCompat underflow2009-01-03
Ubuntu
OpenSSH update2008-05-14
Debian
CVE-2008-2285: openssh - The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize...2008
CVE-2008-2285 (MEDIUM CVSS 5) | The ssh-vulnkey tool on Ubuntu Linu | cvebase.io