Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-5659
Last Modified 06 Jan 2009 01:02:36
Published 17 Dec 2008 03:30:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5659

Summary

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

Vulnerable Systems

Application

  • Gnu Classpath 0.10

  • Gnu Classpath 0.11

  • Gnu Classpath 0.12

  • Gnu Classpath 0.13

  • Gnu Classpath 0.14

  • Gnu Classpath 0.15

  • Gnu Classpath 0.16

  • Gnu Classpath 0.17

  • Gnu Classpath 0.18

  • Gnu Classpath 0.19

  • Gnu Classpath 0.20

  • Gnu Classpath 0.6

  • Gnu Classpath 0.7

  • Gnu Classpath 0.8

  • Gnu Classpath 0.9

  • Gnu Classpath 0.90

  • Gnu Classpath 0.91

  • Gnu Classpath 0.92

  • Gnu Classpath 0.93

  • Gnu Classpath 0.95

  • Gnu Classpath 0.96

  • Gnu Classpath 0.96.1

  • Gnu Classpath 0.97

  • Gnu Classpath 0.97.1

  • Gnu Classpath 0.97.2


References

XF - classpath-gnujavasecurityutil-weak-security(47574)

MLIST - [oss-security] 20081206 CVE request: weak PRNG in GNU Classpath

CONFIRM - http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417


Last Updated: 27 May 2016 10:48:52