Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2007-6150
Last Modified 07 Mar 2011 10:02:03
Published 29 Nov 2007 08:46:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6150

Summary

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.

Vulnerable Systems

Operating System

  • FreeBSD 5.5

  • FreeBSD 6.1

  • FreeBSD 6.2

  • FreeBSD 6.3

  • FreeBSD 7.0


References

BID - 26642

FREEBSD - FreeBSD-SA-07:09

XF - freebsd-sysdevrandom-information-disclosure(38764)

VUPEN - ADV-2007-4053

SECTRACK - 1019022

SECUNIA - 27879

OSVDB - 39600


Last Updated: 27 May 2016 10:46:24