7.8

CVE-2009-3238

Exploit
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.30
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
OpensuseOpensuse Version11.0
SuseLinux Enterprise Desktop Version10 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.63% 0.731
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:C/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
Mailing List
http://secunia.com/advisories/37351
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1438.html
Broken Link
http://secunia.com/advisories/37105
Broken Link
http://www.ubuntu.com/usn/USN-852-1
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
Broken Link
http://patchwork.kernel.org/patch/21766/
Patch
Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
Vendor Advisory
Exploit
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=499785
Issue Tracking
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=519692
Issue Tracking
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
Broken Link
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
Third Party Advisory