CVE-2008-0166

high-risk
Published 2008-05-13

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Do I need to act?

~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
3 public exploits available
5622, 5720, 5632
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Openssl Debian Canonical

References (52)

Broken Link http://metasploit.com/users/hdm/tools/debian-openssl/
Broken Link http://secunia.com/advisories/30136
Broken Link http://secunia.com/advisories/30220
Broken Link http://secunia.com/advisories/30221
Broken Link http://secunia.com/advisories/30231
Broken Link http://secunia.com/advisories/30239
Broken Link http://secunia.com/advisories/30249
Third Party Advisory http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shem...
Mailing List http://www.debian.org/security/2008/dsa-1571
Mailing List http://www.debian.org/security/2008/dsa-1576
Third Party Advisory http://www.kb.cert.org/vuls/id/925211
Broken Link http://www.securityfocus.com/archive/1/492112/100/0/threaded
Broken Link http://www.securityfocus.com/bid/29179
Broken Link http://www.securitytracker.com/id?1020017
Patch http://www.ubuntu.com/usn/usn-612-1
Patch http://www.ubuntu.com/usn/usn-612-2
Third Party Advisory http://www.ubuntu.com/usn/usn-612-3
Third Party Advisory http://www.ubuntu.com/usn/usn-612-4
Third Party Advisory http://www.ubuntu.com/usn/usn-612-7
Broken Link http://www.us-cert.gov/cas/techalerts/TA08-137A.html
and 32 more references
52
/ 100
high-risk
Severity 26/34 · High
Exploitability 13/34 · Low
Exposure 13/34 · Low