Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2008-5162
Last Modified 03 Dec 2008 01:46:29
Published 26 Nov 2008 06:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5162

Summary

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

Vulnerable Systems

Operating System

  • FreeBSD 6.3

  • FreeBSD 6.4

  • FreeBSD 7.0

  • FreeBSD 7.1


References

BID - 32447

SECTRACK - 1021276

FREEBSD - FreeBSD-SA-08:11

SECUNIA - 32871

OSVDB - 50137


Last Updated: 27 May 2016 10:48:43