CVE-2008-0166
published 2008-05-13

Priority: P2 · 60 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 70.72% (99.3th percentile)

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | openssh | < openssh 4.7p1-9 (bookworm) | openssh 4.7p1-9 (bookworm) |
| debian | openssh | < openssh 1:4.7p1-10 (bookworm) | openssh 1:4.7p1-10 (bookworm) |
| debian | openssl | < openssh 4.7p1-9 (bookworm) | openssh 4.7p1-9 (bookworm) |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openbsd | openssh | >= 0 < 1:4.7p1-10 | 1:4.7p1-10 |
| openbsd | openssh | >= 0 < 4.7p1-9 | 4.7p1-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | >= 0 < 0.9.8g-9 | 0.9.8g-9 |
| openssl | openssl | 0.9.8c-1 – 0.9.8g | |
| ubuntu | linux | | |
| ubuntu | linux | | |
| ubuntu | linux | | |

Detection & IOCs (extracted from sources)

version: OpenSSL 0.9.8c-1
  • CVE-2008-0166 (Debian Predictable RNG) produces a severely limited keyspace for RSA/DSA keys generated on affected Debian/Ubuntu systems. Detect use of weak predictable SSH private keys by comparing against the known set of ~32,768 possible keys for each key length/type combination.
  • Exploit tooling for CVE-2008-0166 iterates through a directory of pre-generated weak SSH private keys and attempts authentication against a target host using multiple threads. Monitor for rapid sequential SSH authentication attempts using different key files from the same source IP.
  • The brute-force exploit (exploit-db 5622) batches multiple weak SSH private keys per connection attempt against root. Alert on SSH login attempts to the root account using public-key authentication in rapid succession.
  • TLS certificates generated on Debian-based systems between September 2006 and May 2008 may use predictable weak keys. Audit TLS certificates in use and check key fingerprints against published lists of compromised Debian weak keys.
  • The exploit script (exploit-db 5720) requires a local directory of pre-generated weak Debian SSH private keys as input; detection depends on the attacker having obtained the weak key set externally before launching the attack.
  • The exploit-db 5622 script estimates compromise in under 20 minutes, indicating the full weak-key space can be exhausted rapidly and detection windows are short.
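
One way to implement the rate-based alert from the bullets above (many different keys offered for root from one source in a short time), as an added example that is not part of the original page or of any vendor rule. The log line shape (ISO 8601 timestamp, sshd logging the offered key's fingerprint, for example at `LogLevel VERBOSE`), the 60-second window, the threshold of five distinct keys and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: ISO 8601 timestamp, host, then sshd's "Failed publickey"
# message ending in the offered key's type and fingerprint.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2: (?P<ktype>\S+) (?P<fp>\S+)$"
)

def detect_key_sweeps(lines, user="root", window=timedelta(seconds=60), threshold=5):
    """Return [(source_ip, alert_time, distinct_keys)], one entry per source that
    offers >= threshold distinct keys for `user` within `window`."""
    recent = defaultdict(deque)  # ip -> (timestamp, fingerprint) pairs inside the window
    alerted, alerts = set(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["user"] != user:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["fp"]))
        while ts - q[0][0] > window:      # drop attempts older than the window
            q.popleft()
        distinct = len({fp for _, fp in q})
        # Count distinct fingerprints, so one client retrying one key stays quiet.
        if distinct >= threshold and m["ip"] not in alerted:
            alerted.add(m["ip"])
            alerts.append((m["ip"], ts, distinct))
    return alerts

def build_sample():
    """Constructed log lines (documentation IP ranges, made-up fingerprints)."""
    base = datetime.fromisoformat("2024-03-10T03:14:00+00:00")
    def line(offset, ip, key):
        ts = (base + timedelta(seconds=offset)).isoformat()
        return (f"{ts} bastion sshd[4242]: Failed publickey for root from {ip} "
                f"port 40022 ssh2: RSA SHA256:constructed-{key}")
    sweep = [line(i, "203.0.113.7", f"key{i:02d}") for i in range(6)]   # many keys, fast
    retry = [line(i, "198.51.100.20", "same-key") for i in range(6)]    # one key, retried
    slow = [line(i * 600, "192.0.2.9", f"slow{i}") for i in range(6)]   # many keys, slow
    return sorted(sweep + retry + slow)

if __name__ == "__main__":
    for ip, when, count in detect_key_sweeps(build_sample()):
        print(f"ALERT {ip}: {count} distinct keys offered for root by {when.isoformat()}")
```

Only the first source in the sample trips the alert; the slow source shows why a purely rate-based rule should be paired with the fingerprint audit from the earlier bullets.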

CVSS provenance

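| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |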