CVE-2008-5162

EPSS 0.06%
Published 26.11.2008 23:30:00
Last modified 09.04.2025 00:30:58
Source secteam@freebsd.org
Teams watchlist Login
Open Login

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version >= 6.4 < 7.0

Freebsd ≫ Freebsd Version6.3 Update-

Freebsd ≫ Freebsd Version6.3 Updatep1

Freebsd ≫ Freebsd Version6.3 Updatep2

Freebsd ≫ Freebsd Version6.3 Updatep3

Freebsd ≫ Freebsd Version6.3 Updatep4

Freebsd ≫ Freebsd Version6.3 Updatep5

Freebsd ≫ Freebsd Version7.0 Update-

Freebsd ≫ Freebsd Version7.0 Updatep1

Freebsd ≫ Freebsd Version7.0 Updatep3

Freebsd ≫ Freebsd Version7.0 Updatep4

Freebsd ≫ Freebsd Version7.0 Updatep5

Freebsd ≫ Freebsd Version7.1 Update-

Freebsd ≫ Freebsd Version7.1 Updatep1

Freebsd ≫ Freebsd Version7.1 Updatep10

Freebsd ≫ Freebsd Version7.1 Updatep12

Freebsd ≫ Freebsd Version7.1 Updatep13

Freebsd ≫ Freebsd Version7.1 Updatep14

Freebsd ≫ Freebsd Version7.1 Updatep15

Freebsd ≫ Freebsd Version7.1 Updatep16

Freebsd ≫ Freebsd Version7.1 Updatep2

Freebsd ≫ Freebsd Version7.1 Updatep3

Freebsd ≫ Freebsd Version7.1 Updatep4

Freebsd ≫ Freebsd Version7.1 Updatep5

Freebsd ≫ Freebsd Version7.1 Updatep6

Freebsd ≫ Freebsd Version7.1 Updatep7

Freebsd ≫ Freebsd Version7.1 Updatep8

Freebsd ≫ Freebsd Version7.1 Updatep9

Freebsd ≫ Freebsd Version7.1 Updaterc1

Freebsd ≫ Freebsd Version7.1 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.164

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://osvdb.org/50137

Broken Link

http://secunia.com/advisories/32871

Broken Link

http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc

Vendor Advisory

http://securitytracker.com/id?1021276

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/32447

Third Party Advisory

Broken Link

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-5162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5162

EUVD