CVE-2008-0166

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 13-05-2008 07:20

Last modified: - 02-02-2022 03:59

Total changes: - 6

Description

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

High

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

7.8

Base score

10.0

6.9

Exploitability score

Impact score

Verification logic

AND

vendor=openssl AND product=openssl AND version=0.9.8c-1

vendor=openssl AND product=openssl AND version=0.9.8d

vendor=openssl AND product=openssl AND version=0.9.8e

vendor=openssl AND product=openssl AND version=0.9.8f

vendor=openssl AND product=openssl AND version=0.9.8g

vendor=canonical AND product=ubuntu_linux AND version=7.04

vendor=canonical AND product=ubuntu_linux AND version=7.10

vendor=canonical AND product=ubuntu_linux AND version=8.04

vendor=Debian AND product=debian_linux AND version=4.0

Reference

DSA-1571-Patch, Vendor Advisory
USN-612-1-Patch, Third Party Advisory
USN-612-2-Patch, Third Party Advisory
29179-Exploit, Third Party Advisory, VDB Entry
http://metasploit.com/users/hdm/tools/debian-openssl/
DSA-1576-Patch
USN-612-3-Third Party Advisory
USN-612-4-Third Party Advisory
USN-612-7-Third Party Advisory
VU#925211-Third Party Advisory, US Government Resource
1020017-Third Party Advisory, VDB Entry
30220-Vendor Advisory
30221-Vendor Advisory
30231-Vendor Advisory
30239-Vendor Advisory
30249-Vendor Advisory
30136-Vendor Advisory
[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem-Third Party Advisory
TA08-137A-Third Party Advisory, US Government Resource
openssl-rng-weak-security(42375)-Third Party Advisory, VDB Entry
5720-Exploit, Third Party Advisory, VDB Entry
5632-Exploit, Third Party Advisory, VDB Entry
5622-Exploit, Third Party Advisory, VDB Entry
20080515 Debian generated SSH-Keys working exploit-Third Party Advisory, VDB Entry

Keywords

CVE-2008-0166

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-0166

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures