Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1141

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1141
Last Modified 05 Sep 2008 04:25:47
Published 10 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1141

Summary

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Ssleay 0.8.1

  • Ssleay 0.9

  • Ssleay 0.9.1


References

XF - openssl-prng-brute-force(6823)

BID - 3004

BUGTRAQ - 20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a

REDHAT - RHSA-2001:051

FREEBSD - FreeBSD-SA-01:51

OSVDB - 853

ENGARDE - ESA-20010709-01

MANDRAKE - MDKSA-2001:065

CONECTIVA - CLA-2001:418

NETBSD - NetBSD-SA2001-013


Last Updated: 27 May 2016 10:36:32