Vulnerability Details CVE-2001-1141
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.9%
CVSS Severity
CVSS v2 Score 5.0
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
- http://www.redhat.com/support/errata/RHSA-2001-051.html
- http://www.securityfocus.com/advisories/3475
- http://www.securityfocus.com/archive/1/195829
- http://www.securityfocus.com/bid/3004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
- http://www.redhat.com/support/errata/RHSA-2001-051.html
- http://www.securityfocus.com/advisories/3475
- http://www.securityfocus.com/archive/1/195829
- http://www.securityfocus.com/bid/3004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
Products affected by CVE-2001-1141
-
cpe:2.3:a:openssl:openssl:0.9.1c
-
cpe:2.3:a:openssl:openssl:0.9.2b
-
cpe:2.3:a:openssl:openssl:0.9.3
-
cpe:2.3:a:openssl:openssl:0.9.4
-
cpe:2.3:a:openssl:openssl:0.9.5
-
cpe:2.3:a:openssl:openssl:0.9.6
-
cpe:2.3:a:openssl:openssl:0.9.6a
-
cpe:2.3:a:ssleay:ssleay:0.8.1
-
cpe:2.3:a:ssleay:ssleay:0.9
-
cpe:2.3:a:ssleay:ssleay:0.9.1