7.8
CVE-2008-0166
- EPSS 70.72%
- Veröffentlicht 13.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Debian ≫ Debian Linux Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 70.72% | 0.993 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
http://secunia.com/advisories/30220
http://www.debian.org/security/2008/dsa-1571
http://secunia.com/advisories/30249
http://www.debian.org/security/2008/dsa-1576
http://metasploit.com/users/hdm/tools/debian-openssl/
http://secunia.com/advisories/30136
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
http://www.kb.cert.org/vuls/id/925211
http://www.securityfocus.com/archive/1/492112/100/0/threaded
http://www.securityfocus.com/bid/29179
http://www.securitytracker.com/id?1020017
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
https://16years.secvuln.info
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
https://news.ycombinator.com/item?id=40333169
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720