CVE-2008-3844: Input Validation
First published: Wed Aug 27 2008(Updated: )
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =4.5.z | |
| Red Hat Enterprise Linux | =4.5.z | |
| Red Hat Enterprise Linux | =5.0 | |
| redhat enterprise Linux desktop | =4 | |
| redhat enterprise Linux desktop | =5 | |
| OpenSSH |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/security/data/openssh-blacklist.html
- http://www.redhat.com/support/errata/RHSA-2008-0855.html
- http://www.securityfocus.com/bid/30794
- http://securitytracker.com/id?1020730
- http://secunia.com/advisories/31575
- http://secunia.com/advisories/32241
- http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm
- http://www.vupen.com/english/advisories/2008/2821
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44747
Frequently Asked Questions
What is the severity of CVE-2008-3844?
CVE-2008-3844 is classified with unknown impact severity due to the presence of a Trojan Horse in affected packages.
How do I fix CVE-2008-3844?
To mitigate CVE-2008-3844, users should remove the compromised OpenSSH packages and reinstall from trusted sources.
Which software is affected by CVE-2008-3844?
CVE-2008-3844 affects certain packages of OpenSSH for Red Hat Enterprise Linux versions 4 and 5, specifically those signed in August 2008.
How can I check if my system is vulnerable to CVE-2008-3844?
You can verify the installed version of OpenSSH on your system against the affected packages list for CVE-2008-3844.
Is there a way to prevent vulnerabilities like CVE-2008-3844?
To prevent vulnerabilities like CVE-2008-3844, always obtain software packages from verified and secure sources.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/4.5.z
- version/red hat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/4
- version/redhat enterprise linux desktop/5
- vendor/openbsd
- canonical/openssh