Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3168

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3168
Last Modified 09 Jun 2009 01:25:03
Published 14 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3168

Summary

The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.

Vulnerable Systems

Application

  • Empire Server 4.2.10

  • Empire Server 4.2.11

  • Empire Server 4.2.12

  • Empire Server 4.2.13

  • Empire Server 4.2.14

  • Empire Server 4.2.15

  • Empire Server 4.2.16

  • Empire Server 4.2.17

  • Empire Server 4.2.18

  • Empire Server 4.2.19

  • Empire Server 4.2.20

  • Empire Server 4.2.21

  • Empire Server 4.2.22

  • Empire Server 4.2.23

  • Empire Server 4.3.0

  • Empire Server 4.3.10

  • Empire Server 4.3.11


References

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111

CONFIRM - http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745

XF - empireserver-unspecified-info-disclosure(43653)

BID - 30152


Last Updated: 27 May 2016 10:48:06