Vulnerability CVE-2008-0166


Published: 2008-05-13   Modified: 2012-02-12

Description:
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Type:
CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Affected software:
Openssl project -> Openssl

References:
http://metasploit.com/users/hdm/tools/debian-openssl/
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://www.kb.cert.org/vuls/id/925211
http://www.securityfocus.com/archive/1/492112/100/0/threaded
http://www.securityfocus.com/bid/29179
http://www.securitytracker.com/id?1020017
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720

Copyright 2024, cxsecurity.com

 
