Vulnerability Details CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://metasploit.com/users/hdm/tools/debian-openssl/
- http://secunia.com/advisories/30136
- http://secunia.com/advisories/30220
- http://secunia.com/advisories/30221
- http://secunia.com/advisories/30231
- http://secunia.com/advisories/30239
- http://secunia.com/advisories/30249
- http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
- http://www.debian.org/security/2008/dsa-1571
- http://www.debian.org/security/2008/dsa-1576
- http://www.kb.cert.org/vuls/id/925211
- http://www.securityfocus.com/archive/1/492112/100/0/threaded
- http://www.securityfocus.com/bid/29179
- http://www.securitytracker.com/id?1020017
- http://www.ubuntu.com/usn/usn-612-1
- http://www.ubuntu.com/usn/usn-612-2
- http://www.ubuntu.com/usn/usn-612-3
- http://www.ubuntu.com/usn/usn-612-4
- http://www.ubuntu.com/usn/usn-612-7
- http://www.us-cert.gov/cas/techalerts/TA08-137A.html
- https://16years.secvuln.info
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
- https://news.ycombinator.com/item?id=40333169
- https://www.exploit-db.com/exploits/5622
- https://www.exploit-db.com/exploits/5632
- https://www.exploit-db.com/exploits/5720
- http://metasploit.com/users/hdm/tools/debian-openssl/
- http://secunia.com/advisories/30136
- http://secunia.com/advisories/30220
- http://secunia.com/advisories/30221
- http://secunia.com/advisories/30231
- http://secunia.com/advisories/30239
- http://secunia.com/advisories/30249
- http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
- http://www.debian.org/security/2008/dsa-1571
- http://www.debian.org/security/2008/dsa-1576
- http://www.kb.cert.org/vuls/id/925211
- http://www.securityfocus.com/archive/1/492112/100/0/threaded
- http://www.securityfocus.com/bid/29179
- http://www.securitytracker.com/id?1020017
- http://www.ubuntu.com/usn/usn-612-1
- http://www.ubuntu.com/usn/usn-612-2
- http://www.ubuntu.com/usn/usn-612-3
- http://www.ubuntu.com/usn/usn-612-4
- http://www.ubuntu.com/usn/usn-612-7
- http://www.us-cert.gov/cas/techalerts/TA08-137A.html
- https://16years.secvuln.info
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
- https://news.ycombinator.com/item?id=40333169
- https://www.exploit-db.com/exploits/5622
- https://www.exploit-db.com/exploits/5632
- https://www.exploit-db.com/exploits/5720
Products affected by CVE-2008-0166
-
cpe:2.3:a:openssl:openssl:0.9.8c-1
-
cpe:2.3:a:openssl:openssl:0.9.8d
-
cpe:2.3:a:openssl:openssl:0.9.8e
-
cpe:2.3:a:openssl:openssl:0.9.8f
-
cpe:2.3:a:openssl:openssl:0.9.8g
-
cpe:2.3:o:canonical:ubuntu_linux:6.06
-
cpe:2.3:o:canonical:ubuntu_linux:7.04
-
cpe:2.3:o:canonical:ubuntu_linux:7.10
-
cpe:2.3:o:canonical:ubuntu_linux:8.04
-
cpe:2.3:o:debian:debian_linux:4.0