CVE-2008-3234

Description

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

How to fix CVE-2008-3234

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/openssh—no fix listed

Is CVE-2008-3234 being exploited?

Moderate — EPSS is 5.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-3234