Unrated severityNVD Advisory· Published Aug 27, 2008· Updated Apr 23, 2026

CVE-2008-3844

Description

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.

Affected products

OpenBSD/OpenSSH
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31575nvdPermissions RequiredThird Party Advisory
secunia.com/advisories/32241nvdPermissions RequiredThird Party Advisory
securitytracker.com/idnvdThird Party AdvisoryVDB Entry
support.avaya.com/elmodocs2/security/ASA-2008-399.htmnvdThird Party Advisory
www.redhat.com/security/data/openssh-blacklist.htmlnvdThird Party Advisory
www.securityfocus.com/bid/30794nvdThird Party AdvisoryVDB Entry
www.redhat.com/support/errata/RHSA-2008-0855.htmlnvdNot Applicable
www.vupen.com/english/advisories/2008/2821nvdBroken Link
exchange.xforce.ibmcloud.com/vulnerabilities/44747nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000