Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0353

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2006-0353
Last Modified 19 May 2011 12:00:00
Published 22 Jan 2006 02:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0353

Summary

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.

Vulnerable Systems

Application

  • Gnu Lsh 2.0.1


References

BID - 16357

DEBIAN - DSA-956

SECUNIA - 18623

SECUNIA - 18564

XF - lsh-file-descriptor-leak(24263)

VUPEN - ADV-2006-0301

OSVDB - 22695

MLIST - [lsh-bugs] SECURITY: lshd leaks fd:s to user shells


Last Updated: 27 May 2016 10:41:37