Fluid Attacks Database

Description

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	openssh	>=0 <1:4.7p1-10	1:4.7p1-10
debian 11	openssh	>=0 <1:4.7p1-10	1:4.7p1-10
debian 12	openssh	>=0 <1:4.7p1-10	1:4.7p1-10
debian 13	openssh	>=0 <1:4.7p1-10	1:4.7p1-10

Aliases

1. CVE-2008-22852. NVD-2008-22853. OSV-DEBIAN-2008-22854. OSV-2008-22855. SECURITY-TRACKER-CVE-2008-2285

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.