Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0766

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2011-0766
Last Modified 13 Jul 2011 12:00:00
Published 31 May 2011 04:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-0766

Summary

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Vulnerable Systems

Application

  • Erlang Crypto 1.0

  • Erlang Crypto 1.1

  • Erlang Crypto 1.1.1

  • Erlang Crypto 1.1.2

  • Erlang Crypto 1.1.3

  • Erlang Crypto 1.2

  • Erlang Crypto 1.2.1

  • Erlang Crypto 1.2.2

  • Erlang Crypto 1.2.3

  • Erlang Crypto 1.3

  • Erlang Crypto 1.4

  • Erlang Crypto 1.5

  • Erlang Crypto 1.5.1.1

  • Erlang Crypto 1.5.2

  • Erlang Crypto 1.5.2.1

  • Erlang Crypto 1.5.3

  • Erlang Crypto 1.6

  • Erlang Crypto 1.6.1

  • Erlang Crypto 1.6.2

  • Erlang Crypto 1.6.3

  • Erlang Crypto 1.6.4

  • Erlang Crypto 2.0

  • Erlang Crypto 2.0.1

  • Erlang Crypto 2.0.2

  • Erlang Crypto 2.0.2.1

  • Erlang%2fotp R11b-5

  • Erlang%2fotp R12b-5

  • Erlang%2fotp R13b

  • Erlang%2fotp R13b02-1

  • Erlang%2fotp R13b03

  • Erlang%2fotp R13b04

  • Erlang%2fotp R14a

  • Erlang%2fotp R14b

  • Erlang%2fotp R14b01

  • Erlang%2fotp R14b02

  • Ssh 1.2.0

  • Ssh 1.2.1

  • Ssh 1.2.10

  • Ssh 1.2.11

  • Ssh 1.2.12

  • Ssh 1.2.13

  • Ssh 1.2.14

  • Ssh 1.2.15

  • Ssh 1.2.16

  • Ssh 1.2.17

  • Ssh 1.2.18

  • Ssh 1.2.19

  • Ssh 1.2.2

  • Ssh 1.2.20

  • Ssh 1.2.21

  • Ssh 1.2.22

  • Ssh 1.2.23

  • Ssh 1.2.24

  • Ssh 1.2.25

  • Ssh 1.2.26

  • Ssh 1.2.27

  • Ssh 1.2.28

  • Ssh 1.2.29

  • Ssh 1.2.3

  • Ssh 1.2.30

  • Ssh 1.2.31

  • Ssh 1.2.4

  • Ssh 1.2.5

  • Ssh 1.2.6

  • Ssh 1.2.7

  • Ssh 1.2.8

  • Ssh 1.2.9

  • Ssh 2.0.4


References

CERT-VN - VU#178990

CONFIRM - https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5

BID - 47980

SECUNIA - 44709


Last Updated: 27 May 2016 10:56:02