Vulnerability Details CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
- http://www.openwall.com/lists/oss-security/2008/12/06/2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47574
- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
- http://www.openwall.com/lists/oss-security/2008/12/06/2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47574
Products affected by CVE-2008-5659
-
cpe:2.3:a:gnu:classpath:*
-
cpe:2.3:a:gnu:classpath:0.10
-
cpe:2.3:a:gnu:classpath:0.11
-
cpe:2.3:a:gnu:classpath:0.12
-
cpe:2.3:a:gnu:classpath:0.13
-
cpe:2.3:a:gnu:classpath:0.14
-
cpe:2.3:a:gnu:classpath:0.15
-
cpe:2.3:a:gnu:classpath:0.16
-
cpe:2.3:a:gnu:classpath:0.17
-
cpe:2.3:a:gnu:classpath:0.18
-
cpe:2.3:a:gnu:classpath:0.19
-
cpe:2.3:a:gnu:classpath:0.20
-
cpe:2.3:a:gnu:classpath:0.6
-
cpe:2.3:a:gnu:classpath:0.7
-
cpe:2.3:a:gnu:classpath:0.8
-
cpe:2.3:a:gnu:classpath:0.9
-
cpe:2.3:a:gnu:classpath:0.90
-
cpe:2.3:a:gnu:classpath:0.91
-
cpe:2.3:a:gnu:classpath:0.92
-
cpe:2.3:a:gnu:classpath:0.93
-
cpe:2.3:a:gnu:classpath:0.95
-
cpe:2.3:a:gnu:classpath:0.96
-
cpe:2.3:a:gnu:classpath:0.96.1
-
cpe:2.3:a:gnu:classpath:0.97
-
cpe:2.3:a:gnu:classpath:0.97.1