CVE-2005-0106

7 documents7 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 76.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ubuntu Ubuntu Linux

Timeline

PublishedMay 3

Latest updateMay 1

Description

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶Debianlibnet-ssleay-perl< 1.25-1.1+3

Also affects: Ubuntu Linux 5.04

🔴Vulnerability Details

GHSA

GHSA-c8r4-w8p2-gf3q: SSLeay↗2022-05-01

▶

CVEList

CVE-2005-0106: SSLeay↗2005-05-03

▶

OSV

CVE-2005-0106: SSLeay↗2005-05-03

▶

📋Vendor Advisories

Ubuntu

libnet-ssleay-perl vulnerability↗2005-05-03

▶

Debian

CVE-2005-0106: libnet-ssleay-perl - SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entro...↗2005

▶

💬Community

Bugzilla

[PATCH] CVE-2006-0106: WINE vulnerable to CVE-2005-4560 WMF exploit↗2006-01-08

▶