GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Mar 04, 2008 12:26 am Post subject: [ GLSA 200803-07 ] Paramiko: Information disclosure |
 |
|
Gentoo Linux Security Advisory
Title: Paramiko: Information disclosure (GLSA 200803-07)
Severity: low
Exploitable: remote
Date: March 03, 2008
Bug(s): #205777
ID: 200803-07
Synopsis
Unsafe randomness usage in Paramiko may allow access to sensitive information.
Background
Paramiko is a Secure Shell Server implementation written in Python.
Affected Packages
Package: dev-python/paramiko
Vulnerable: < 1.7.2
Unaffected: >= 1.7.2
Architectures: All supported architectures
Description
Dwayne C. Litzenberger reported that the file "common.py" does not properly use RandomPool when using threads or forked processes.
Impact
A remote attacker could predict the values generated by applications using Paramiko for encryption purposes, potentially gaining access to sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Paramiko users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/paramiko-1.7.2" |
References
CVE-2008-0299 |
|
News & Announcements
