CVE-2008-0166
Vulnerability from cvelistv5
Published
2008-05-13 17:00
Modified
2024-08-07 07:39
Severity
Summary
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:32.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "5622",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5622"
},
{
"name": "30221",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30221"
},
{
"name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
},
{
"name": "DSA-1571",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1571"
},
{
"name": "29179",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29179"
},
{
"name": "20080515 Debian generated SSH-Keys working exploit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
},
{
"name": "30239",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30239"
},
{
"name": "30220",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30220"
},
{
"name": "USN-612-7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-612-7"
},
{
"name": "30231",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30231"
},
{
"name": "openssl-rng-weak-security(42375)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
},
{
"tags": [
"x_transferred"
],
"url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "1020017",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020017"
},
{
"name": "5632",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5632"
},
{
"name": "USN-612-4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-612-4"
},
{
"name": "USN-612-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-612-2"
},
{
"name": "TA08-137A",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
},
{
"name": "VU#925211",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/925211"
},
{
"name": "5720",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5720"
},
{
"name": "30136",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30136"
},
{
"name": "USN-612-3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-612-3"
},
{
"name": "USN-612-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-612-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://16years.secvuln.info"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40333169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-12T20:03:03.670438",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1576",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "5622",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/5622"
},
{
"name": "30221",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30221"
},
{
"name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
"tags": [
"mailing-list"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
},
{
"name": "DSA-1571",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1571"
},
{
"name": "29179",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/29179"
},
{
"name": "20080515 Debian generated SSH-Keys working exploit",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
},
{
"name": "30239",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30239"
},
{
"name": "30220",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30220"
},
{
"name": "USN-612-7",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-612-7"
},
{
"name": "30231",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30231"
},
{
"name": "openssl-rng-weak-security(42375)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
},
{
"url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
},
{
"name": "30249",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "1020017",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1020017"
},
{
"name": "5632",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/5632"
},
{
"name": "USN-612-4",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-612-4"
},
{
"name": "USN-612-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-612-2"
},
{
"name": "TA08-137A",
"tags": [
"third-party-advisory"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
},
{
"name": "VU#925211",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/925211"
},
{
"name": "5720",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/5720"
},
{
"name": "30136",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30136"
},
{
"name": "USN-612-3",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-612-3"
},
{
"name": "USN-612-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-612-1"
},
{
"url": "https://16years.secvuln.info"
},
{
"url": "https://news.ycombinator.com/item?id=40333169"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0166",
"datePublished": "2008-05-13T17:00:00",
"dateReserved": "2008-01-09T00:00:00",
"dateUpdated": "2024-08-07T07:39:32.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-0166\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-05-13T17:20:00.000\",\"lastModified\":\"2024-05-14T01:50:09.780\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.\"},{\"lang\":\"es\",\"value\":\"OpenSSL versi\u00f3n 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de n\u00fameros aleatorios que genera n\u00fameros predecibles, lo que facilita a atacantes remotos la conducci\u00f3n de ataques de adivinaci\u00f3n por fuerza bruta contra claves criptogr\u00e1ficas.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This flaw was caused by a third-party vendor patch to the OpenSSL\\nlibrary. This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages.\",\"lastModified\":\"2008-05-13T00:00:00\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9.8c-1\",\"versionEndIncluding\":\"0.9.8g\",\"matchCriteriaId\":\"8EEFA1C8-85D4-425F-A987-29AC6D10C303\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EBDAFF8-DE44-4E80-B6BD-E341F767F501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]}],\"references\":[{\"url\":\"http://metasploit.com/users/hdm/tools/debian-openssl/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/30136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30220\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30221\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30231\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1571\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1576\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/925211\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/492112/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/29179\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020017\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-137A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://16years.secvuln.info\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42375\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://news.ycombinator.com/item?id=40333169\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5622\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/5632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/5720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading...