CVE-2008-2285
EPSS 0.36%
Description
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
How to fix CVE-2008-2285
To remediate CVE-2008-2285, upgrade the affected package to a fixed version below.
- Debian/openssh—upgrade to 1:4.7p1-10 or later
Is CVE-2008-2285 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:4.7p1-10