Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0166

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-0166
Last Modified 21 Feb 2009 12:00:00
Published 13 May 2008 01:20:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0166

Summary

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Vulnerable Systems

Application

  • Openssl Project Openssl 0.9.8c-1

  • Openssl Project Openssl 0.9.8c-2

  • Openssl Project Openssl 0.9.8c-3

  • Openssl Project Openssl 0.9.8c-4

  • Openssl Project Openssl 0.9.8c-5

  • Openssl Project Openssl 0.9.8c-6

  • Openssl Project Openssl 0.9.8c-7

  • Openssl Project Openssl 0.9.8c-8

  • Openssl Project Openssl 0.9.8c-9

  • Openssl Project Openssl 0.9.8d-1

  • Openssl Project Openssl 0.9.8d-2

  • Openssl Project Openssl 0.9.8d-3

  • Openssl Project Openssl 0.9.8d-4

  • Openssl Project Openssl 0.9.8d-5

  • Openssl Project Openssl 0.9.8d-6

  • Openssl Project Openssl 0.9.8d-7

  • Openssl Project Openssl 0.9.8d-8

  • Openssl Project Openssl 0.9.8d-9

  • Openssl Project Openssl 0.9.8e-1

  • Openssl Project Openssl 0.9.8e-2

  • Openssl Project Openssl 0.9.8e-3

  • Openssl Project Openssl 0.9.8e-4

  • Openssl Project Openssl 0.9.8e-5

  • Openssl Project Openssl 0.9.8e-6

  • Openssl Project Openssl 0.9.8e-7

  • Openssl Project Openssl 0.9.8e-8

  • Openssl Project Openssl 0.9.8e-9

  • Openssl Project Openssl 0.9.8f-1

  • Openssl Project Openssl 0.9.8f-2

  • Openssl Project Openssl 0.9.8f-3

  • Openssl Project Openssl 0.9.8f-4

  • Openssl Project Openssl 0.9.8f-5

  • Openssl Project Openssl 0.9.8f-6

  • Openssl Project Openssl 0.9.8f-7

  • Openssl Project Openssl 0.9.8f-8

  • Openssl Project Openssl 0.9.8f-9

  • Openssl Project Openssl 0.9.8g-1

  • Openssl Project Openssl 0.9.8g-2

  • Openssl Project Openssl 0.9.8g-3

  • Openssl Project Openssl 0.9.8g-4

  • Openssl Project Openssl 0.9.8g-5

  • Openssl Project Openssl 0.9.8g-6

  • Openssl Project Openssl 0.9.8g-7

  • Openssl Project Openssl 0.9.8g-8

  • Openssl Project Openssl 0.9.8g-9


References

CERT - TA08-137A

CERT-VN - VU#925211

UBUNTU - USN-612-2

UBUNTU - USN-612-1

DEBIAN - DSA-1576

DEBIAN - DSA-1571

XF - openssl-rng-weak-security(42375)

UBUNTU - USN-612-7

UBUNTU - USN-612-4

UBUNTU - USN-612-3

SECTRACK - 1020017

BID - 29179

BUGTRAQ - 20080515 Debian generated SSH-Keys working exploit

MILW0RM - 5720

MILW0RM - 5632

MILW0RM - 5622

MLIST - [rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem

SECUNIA - 30249

SECUNIA - 30239

SECUNIA - 30231

SECUNIA - 30221

SECUNIA - 30220

SECUNIA - 30136

MISC - http://metasploit.com/users/hdm/tools/debian-openssl/


Last Updated: 27 May 2016 10:46:42