CVE-2006-0353
published 2006-01-22CVE-2006-0353: unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by…
PriorityP47low3.6CVSS 2.0
AVLACLAuNCPINAP
EPSS
0.35%
27.3th percentile
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lsh-utils | < lsh-utils 2.0.1cdbs-4 (bookworm) | lsh-utils 2.0.1cdbs-4 (bookworm) |
| gnu | lsh | — | — |
CVSS provenance
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:P/I:N/A:P
osv3.6LOW
vendor_debian3.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-38h3-wj4x-mm5c: unix_random
ghsa_unreviewed·2022-05-01
CVE-2006-0353 [LOW] CWE-200 GHSA-38h3-wj4x-mm5c: unix_random
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
OSV
CVE-2006-0353: unix_random
osv·2006-01-22·CVSS 3.6
CVE-2006-0353 [LOW] CVE-2006-0353: unix_random
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
Debian
CVE-2006-0353: lsh-utils - unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the random...
vendor_debian·2006·CVSS 3.6
CVE-2006-0353 [LOW] CVE-2006-0353: lsh-utils - unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the random...
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
Scope: local
bookworm: resolved (fixed in 2.0.1cdbs-4)
bullseye: resolved (fixed in 2.0.1cdbs-4)
sid: resolved (fixed in 2.0.1cdbs-4)
No detection rules found.
No writeups or analysis indexed.
http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.htmlhttp://secunia.com/advisories/18564http://secunia.com/advisories/18623http://www.debian.org/security/2006/dsa-956http://www.osvdb.org/22695http://www.securityfocus.com/bid/16357http://www.vupen.com/english/advisories/2006/0301https://exchange.xforce.ibmcloud.com/vulnerabilities/24263http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.htmlhttp://secunia.com/advisories/18564http://secunia.com/advisories/18623http://www.debian.org/security/2006/dsa-956http://www.osvdb.org/22695http://www.securityfocus.com/bid/16357http://www.vupen.com/english/advisories/2006/0301https://exchange.xforce.ibmcloud.com/vulnerabilities/24263
2006-01-22
Published