Vulnerability CVE-2008-5659


Published: 2008-12-17   Modified: 2012-02-12

Description:
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

Type:

CWE-310

(Cryptographic Issues)

Vendor: GNU
Product: Classpath 
Version:
0.97.2
0.97.1
0.97
0.96.1
0.96
0.95
0.93
0.92
0.91
0.90
0.8
0.7
0.6
0.20
0.19
0.18
0.17
0.16
0.15
0.14
0.13
0.12
0.11
0.10

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://xforce.iss.net/xforce/xfdb/47574
http://www.openwall.com/lists/oss-security/2008/12/06/2
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417

Related CVE
CVE-2019-1010025
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc.
CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.
CVE-2019-1010023
GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to ...
CVE-2019-1010022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack...
CVE-2019-12972
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section o...
CVE-2012-6711
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to p...
CVE-2018-12886
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack ...
CVE-2019-5953
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.

Copyright 2019, cxsecurity.com

 

Back to Top