CVE-2008-2285

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
ubuntulinux
7.04
ubuntulinux
7.10
ubuntulinux
8.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
hardy
Fixed 1:4.7p1-8ubuntu1.2
released
gutsy
Fixed 1:4.6p1-5ubuntu0.5
released
feisty
Fixed 1:4.3p2-8ubuntu1.4
released
dapper
Fixed 1:4.2p1-7ubuntu3.4
released
Common Weakness Enumeration
References
http://www.ubuntu.com/usn/usn-612-5
https://exchange.xforce.ibmcloud.com/vulnerabilities/42568
http://www.ubuntu.com/usn/usn-612-5
https://exchange.xforce.ibmcloud.com/vulnerabilities/42568