CVE-2008-0166
Vulnerability from cvelistv5
Published
2008-05-13 17:00
Modified
2024-08-07 07:39
Severity ?
Summary
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
References
cve@mitre.orghttp://metasploit.com/users/hdm/tools/debian-openssl/Broken Link
cve@mitre.orghttp://secunia.com/advisories/30136Broken Link, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30220Broken Link, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30221Broken Link, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30231Broken Link, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30239Broken Link, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30249Broken Link, Vendor Advisory
cve@mitre.orghttp://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-develThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1571Mailing List, Patch, Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1576Mailing List, Patch
cve@mitre.orghttp://www.kb.cert.org/vuls/id/925211Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.securityfocus.com/archive/1/492112/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/29179Broken Link, Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id?1020017Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/usn-612-1Patch, Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-612-2Patch, Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-612-3Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-612-4Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-612-7Third Party Advisory
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA08-137A.htmlBroken Link, Third Party Advisory, US Government Resource
cve@mitre.orghttps://16years.secvuln.info
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/42375Third Party Advisory, VDB Entry
cve@mitre.orghttps://news.ycombinator.com/item?id=40333169
cve@mitre.orghttps://www.exploit-db.com/exploits/5622Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.exploit-db.com/exploits/5632Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.exploit-db.com/exploits/5720Exploit, Third Party Advisory, VDB Entry
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:32.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1576",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1576"
          },
          {
            "name": "5622",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5622"
          },
          {
            "name": "30221",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30221"
          },
          {
            "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
          },
          {
            "name": "DSA-1571",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "name": "29179",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29179"
          },
          {
            "name": "20080515 Debian generated SSH-Keys working exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
          },
          {
            "name": "30239",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30239"
          },
          {
            "name": "30220",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "name": "USN-612-7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-7"
          },
          {
            "name": "30231",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30231"
          },
          {
            "name": "openssl-rng-weak-security(42375)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
          },
          {
            "name": "30249",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30249"
          },
          {
            "name": "1020017",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020017"
          },
          {
            "name": "5632",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5632"
          },
          {
            "name": "USN-612-4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-4"
          },
          {
            "name": "USN-612-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-2"
          },
          {
            "name": "TA08-137A",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
          },
          {
            "name": "VU#925211",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/925211"
          },
          {
            "name": "5720",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5720"
          },
          {
            "name": "30136",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30136"
          },
          {
            "name": "USN-612-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-3"
          },
          {
            "name": "USN-612-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://16years.secvuln.info"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40333169"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-12T20:03:03.670438",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1576",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1576"
        },
        {
          "name": "5622",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5622"
        },
        {
          "name": "30221",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30221"
        },
        {
          "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
          "tags": [
            "mailing-list"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
        },
        {
          "name": "DSA-1571",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1571"
        },
        {
          "name": "29179",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/29179"
        },
        {
          "name": "20080515 Debian generated SSH-Keys working exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
        },
        {
          "name": "30239",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30239"
        },
        {
          "name": "30220",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30220"
        },
        {
          "name": "USN-612-7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-7"
        },
        {
          "name": "30231",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30231"
        },
        {
          "name": "openssl-rng-weak-security(42375)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
        },
        {
          "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
        },
        {
          "name": "30249",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30249"
        },
        {
          "name": "1020017",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id?1020017"
        },
        {
          "name": "5632",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5632"
        },
        {
          "name": "USN-612-4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-4"
        },
        {
          "name": "USN-612-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-2"
        },
        {
          "name": "TA08-137A",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
        },
        {
          "name": "VU#925211",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/925211"
        },
        {
          "name": "5720",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5720"
        },
        {
          "name": "30136",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30136"
        },
        {
          "name": "USN-612-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-3"
        },
        {
          "name": "USN-612-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-1"
        },
        {
          "url": "https://16years.secvuln.info"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40333169"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0166",
    "datePublished": "2008-05-13T17:00:00",
    "dateReserved": "2008-01-09T00:00:00",
    "dateUpdated": "2024-08-07T07:39:32.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0166\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-05-13T17:20:00.000\",\"lastModified\":\"2024-05-14T01:50:09.780\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.\"},{\"lang\":\"es\",\"value\":\"OpenSSL versi\u00f3n 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de n\u00fameros aleatorios que genera n\u00fameros predecibles, lo que facilita a atacantes remotos la conducci\u00f3n de ataques de adivinaci\u00f3n por fuerza bruta contra claves criptogr\u00e1ficas.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable.  This flaw was caused by a third-party vendor patch to the OpenSSL\\nlibrary.  This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages.\",\"lastModified\":\"2008-05-13T00:00:00\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9.8c-1\",\"versionEndIncluding\":\"0.9.8g\",\"matchCriteriaId\":\"8EEFA1C8-85D4-425F-A987-29AC6D10C303\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EBDAFF8-DE44-4E80-B6BD-E341F767F501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]}],\"references\":[{\"url\":\"http://metasploit.com/users/hdm/tools/debian-openssl/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/30136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30220\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30221\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30231\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1571\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1576\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/925211\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/492112/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/29179\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020017\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-612-7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-137A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://16years.secvuln.info\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42375\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://news.ycombinator.com/item?id=40333169\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5622\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/5632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/5720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.