Fluid Attacks Database

Description

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	openssh	=1:10.0p1-1 \|\| =1:10.0p1-2 \|\| =1:10.0p1-3 \|\| =1:10.0p1-4 \|\| =1:10.0p1-5 \|\| =1:10.0p1-5~bpo12+2 \|\| =1:10.0p1-6 \|\| =1:10.0p1-7 \|\| =1:10.0p1-7~bpo12+1 \|\| =1:10.0p1-8 \|\| =1:10.1p1-1 \|\| =1:10.1p1-2 \|\| =1:10.2p1-1 \|\| =1:10.2p1-2 \|\| =1:10.2p1-2~bpo13+1 \|\| =1:10.2p1-3 \|\| =1:10.2p1-4 \|\| =1:10.2p1-5 \|\| =1:10.2p1-6 \|\| =1:10.2p1-6~bpo13+1 \|\| =1:10.3p1-1 \|\| =1:8.4p1-5 \|\| =1:8.4p1-5+deb11u1 \|\| =1:8.4p1-5+deb11u2 \|\| =1:8.4p1-5+deb11u3 \|\| =1:8.4p1-5+deb11u4 \|\| =1:8.4p1-5+deb11u5 \|\| =1:8.4p1-5+deb11u6 \|\| =1:8.4p1-6 \|\| =1:8.7p1-1 \|\| =1:8.7p1-2 \|\| =1:8.7p1-3 \|\| =1:8.7p1-4 \|\| =1:8.8p1-1 \|\| =1:8.9p1-1 \|\| =1:8.9p1-2 \|\| =1:8.9p1-3 \|\| =1:9.0p1-1 \|\| =1:9.1p1-1 \|\| =1:9.1p1-2 \|\| =1:9.2p1-1 \|\| =1:9.2p1-2 \|\| =1:9.3p1-1 \|\| =1:9.3p1-1+loong64 \|\| =1:9.3p2-1 \|\| =1:9.4p1-1 \|\| =1:9.5p1-1 \|\| =1:9.5p1-2 \|\| =1:9.6p1-1 \|\| =1:9.6p1-2 \|\| =1:9.6p1-3 \|\| =1:9.6p1-4 \|\| =1:9.6p1-5 \|\| =1:9.7p1-1 \|\| =1:9.7p1-2 \|\| =1:9.7p1-3 \|\| =1:9.7p1-3+hurd.1 \|\| =1:9.7p1-4 \|\| =1:9.7p1-5 \|\| =1:9.7p1-6 \|\| =1:9.7p1-7 \|\| =1:9.8p1-1 \|\| =1:9.8p1-2 \|\| =1:9.8p1-3 \|\| =1:9.8p1-4 \|\| =1:9.8p1-7 \|\| =1:9.8p1-8 \|\| =1:9.9p1-1 \|\| =1:9.9p1-2 \|\| =1:9.9p1-3 \|\| =1:9.9p1-3+hurd.1 \|\| =1:9.9p2-1 \|\| =1:9.9p2-2
debian 14	openssh	=1:10.0p1-7 \|\| =1:10.0p1-8 \|\| =1:10.1p1-1 \|\| =1:10.1p1-2 \|\| =1:10.2p1-1 \|\| =1:10.2p1-2 \|\| =1:10.2p1-2~bpo13+1 \|\| =1:10.2p1-3 \|\| =1:10.2p1-4 \|\| =1:10.2p1-5 \|\| =1:10.2p1-6 \|\| =1:10.2p1-6~bpo13+1 \|\| =1:10.3p1-1
debian 12	openssh	=1:10.0p1-1 \|\| =1:10.0p1-2 \|\| =1:10.0p1-3 \|\| =1:10.0p1-4 \|\| =1:10.0p1-5 \|\| =1:10.0p1-5~bpo12+2 \|\| =1:10.0p1-6 \|\| =1:10.0p1-7 \|\| =1:10.0p1-7~bpo12+1 \|\| =1:10.0p1-8 \|\| =1:10.1p1-1 \|\| =1:10.1p1-2 \|\| =1:10.2p1-1 \|\| =1:10.2p1-2 \|\| =1:10.2p1-2~bpo13+1 \|\| =1:10.2p1-3 \|\| =1:10.2p1-4 \|\| =1:10.2p1-5 \|\| =1:10.2p1-6 \|\| =1:10.2p1-6~bpo13+1 \|\| =1:10.3p1-1 \|\| =1:9.2p1-2 \|\| =1:9.2p1-2+deb12u1 \|\| =1:9.2p1-2+deb12u2 \|\| =1:9.2p1-2+deb12u3 \|\| =1:9.2p1-2+deb12u4 \|\| =1:9.2p1-2+deb12u5 \|\| =1:9.2p1-2+deb12u6 \|\| =1:9.2p1-2+deb12u7 \|\| =1:9.2p1-2+deb12u8 \|\| =1:9.2p1-2+deb12u9 \|\| =1:9.3p1-1 \|\| =1:9.3p1-1+loong64 \|\| =1:9.3p2-1 \|\| =1:9.4p1-1 \|\| =1:9.5p1-1 \|\| =1:9.5p1-2 \|\| =1:9.6p1-1 \|\| =1:9.6p1-2 \|\| =1:9.6p1-3 \|\| =1:9.6p1-4 \|\| =1:9.6p1-5 \|\| =1:9.7p1-1 \|\| =1:9.7p1-2 \|\| =1:9.7p1-3 \|\| =1:9.7p1-3+hurd.1 \|\| =1:9.7p1-4 \|\| =1:9.7p1-5 \|\| =1:9.7p1-6 \|\| =1:9.7p1-7 \|\| =1:9.8p1-1 \|\| =1:9.8p1-2 \|\| =1:9.8p1-3 \|\| =1:9.8p1-4 \|\| =1:9.8p1-7 \|\| =1:9.8p1-8 \|\| =1:9.9p1-1 \|\| =1:9.9p1-2 \|\| =1:9.9p1-3 \|\| =1:9.9p1-3+hurd.1 \|\| =1:9.9p2-1 \|\| =1:9.9p2-2
debian 13	openssh	=1:10.0p1-7 \|\| =1:10.0p1-7+deb13u1 \|\| =1:10.0p1-7+deb13u2 \|\| =1:10.0p1-8 \|\| =1:10.1p1-1 \|\| =1:10.1p1-2 \|\| =1:10.2p1-1 \|\| =1:10.2p1-2 \|\| =1:10.2p1-2~bpo13+1 \|\| =1:10.2p1-3 \|\| =1:10.2p1-4 \|\| =1:10.2p1-5 \|\| =1:10.2p1-6 \|\| =1:10.2p1-6~bpo13+1 \|\| =1:10.3p1-1

Aliases

1. CVE-2008-32342. NVD-2008-32343. OSV-DEBIAN-2008-32344. OSV-2008-32345. SECURITY-TRACKER-CVE-2008-3234

References

1. https://www.exploit-db.com/exploits/6094

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.