CVE-2008-3234

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
openbsdopenssh
4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
unimportant
bullseye
unimportant
bookworm
unimportant
bookworm (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
hardy
not-affected
gutsy
not-affected
feisty
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/30276
https://exchange.xforce.ibmcloud.com/vulnerabilities/44037
https://www.exploit-db.com/exploits/6094
http://www.securityfocus.com/bid/30276
https://exchange.xforce.ibmcloud.com/vulnerabilities/44037
https://www.exploit-db.com/exploits/6094