CVE-2008-2285

Publication date 18 May 2008

Last updated 24 July 2024

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openssh	8.04 LTS hardy	Fixed 1:4.7p1-8ubuntu1.2
	7.10 gutsy	Fixed 1:4.6p1-5ubuntu0.5
	7.04 feisty	Fixed 1:4.3p2-8ubuntu1.4
	6.06 LTS dapper	Fixed 1:4.2p1-7ubuntu3.4

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-612-5
OpenSSH update
14 May 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-2285