CVE-2008-3234

SOURCE - nist

Summary

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

EPSS Score⁠: 0.0115 (0.847)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-264⁠

Permissions, Privileges, and Access Controls

Sources (5)

Impacted images

debian

CREATED

16 years ago

UPDATED

2 days ago

SOURCE IDCVE-2008-3234⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openssh	deb	debian	12	>=1:9.2p1-2+deb12u2	Not yet available
debian/openssh	deb	debian	13	>=1:9.7p1-5	Not yet available
debian/openssh	deb	debian	11	>=1:8.4p1-5+deb11u3	Not yet available
debian/openssh	deb	debian	unstable	>=1:9.7p1-5	Not yet available
debian/openssh	deb	debian	10	>=1:7.9p1-10+deb10u2	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

16 years ago

UPDATED

7 years ago

SOURCE IDCVE-2008-3234⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-264⁠

CVSS SCORE

6.5medium

ubuntu

CREATED

16 years ago

UPDATED

1 month ago

SOURCE IDCVE-2008-3234⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

redhat

CREATED

10 months ago

UPDATED

10 months ago

SOURCE IDCVE-2008-3234⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

inthewild

CREATED

10 months ago

UPDATED

10 months ago

SOURCE IDCVE-2008-3234⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE