CVE-2008-3844

EPSS 2.27%
Published 27.08.2008 20:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact.  NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points.  As of 20080827, no unofficial distributions of this software are known.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openssh

   Redhat ≫ Enterprise Linux Version4.5.z Editionas
   Redhat ≫ Enterprise Linux Version4.5.z Editiones
   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Desktop Version4
   Redhat ≫ Enterprise Linux Desktop Version5 Editionclient

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.27%	0.841

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/31575

Third Party Advisory

Permissions Required

http://secunia.com/advisories/32241

Third Party Advisory

Permissions Required

http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0855.html

Not Applicable

http://www.vupen.com/english/advisories/2008/2821

Broken Link