Vulnerability-Lookup

CVE-2008-0166 (GCVE-0-2008-0166)

Vulnerability from cvelistv5 – Published: 2008-05-13 17:00 – Updated: 2024-08-07 07:39

Summary

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2008/dsa-1576	vendor-advisory
	https://www.exploit-db.com/exploits/5622	exploit
	http://secunia.com/advisories/30221	third-party-advisory
	http://sourceforge.net/mailarchive/forum.php?thre…	mailing-list
	http://www.debian.org/security/2008/dsa-1571	vendor-advisory
	http://www.securityfocus.com/bid/29179	vdb-entry
	http://www.securityfocus.com/archive/1/492112/100…	mailing-list
	http://secunia.com/advisories/30239	third-party-advisory
	http://secunia.com/advisories/30220	third-party-advisory
	http://www.ubuntu.com/usn/usn-612-7	vendor-advisory
	http://secunia.com/advisories/30231	third-party-advisory
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry
	http://metasploit.com/users/hdm/tools/debian-openssl/
	http://secunia.com/advisories/30249	third-party-advisory
	http://www.securitytracker.com/id?1020017	vdb-entry
	https://www.exploit-db.com/exploits/5632	exploit
	http://www.ubuntu.com/usn/usn-612-4	vendor-advisory
	http://www.ubuntu.com/usn/usn-612-2	vendor-advisory
	http://www.us-cert.gov/cas/techalerts/TA08-137A.html	third-party-advisory
	http://www.kb.cert.org/vuls/id/925211	third-party-advisory
	https://www.exploit-db.com/exploits/5720	exploit
	http://secunia.com/advisories/30136	third-party-advisory
	http://www.ubuntu.com/usn/usn-612-3	vendor-advisory
	http://www.ubuntu.com/usn/usn-612-1	vendor-advisory
	https://16years.secvuln.info
	https://news.ycombinator.com/item?id=40333169

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:32.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-1576",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1576"
          },
          {
            "name": "5622",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5622"
          },
          {
            "name": "30221",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30221"
          },
          {
            "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
          },
          {
            "name": "DSA-1571",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "name": "29179",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29179"
          },
          {
            "name": "20080515 Debian generated SSH-Keys working exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
          },
          {
            "name": "30239",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30239"
          },
          {
            "name": "30220",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "name": "USN-612-7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-7"
          },
          {
            "name": "30231",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30231"
          },
          {
            "name": "openssl-rng-weak-security(42375)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
          },
          {
            "name": "30249",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30249"
          },
          {
            "name": "1020017",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020017"
          },
          {
            "name": "5632",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5632"
          },
          {
            "name": "USN-612-4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-4"
          },
          {
            "name": "USN-612-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-2"
          },
          {
            "name": "TA08-137A",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
          },
          {
            "name": "VU#925211",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/925211"
          },
          {
            "name": "5720",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5720"
          },
          {
            "name": "30136",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30136"
          },
          {
            "name": "USN-612-3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-3"
          },
          {
            "name": "USN-612-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://16years.secvuln.info"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40333169"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-12T20:03:03.670Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-1576",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1576"
        },
        {
          "name": "5622",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5622"
        },
        {
          "name": "30221",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30221"
        },
        {
          "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
          "tags": [
            "mailing-list"
          ],
          "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
        },
        {
          "name": "DSA-1571",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1571"
        },
        {
          "name": "29179",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/29179"
        },
        {
          "name": "20080515 Debian generated SSH-Keys working exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
        },
        {
          "name": "30239",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30239"
        },
        {
          "name": "30220",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30220"
        },
        {
          "name": "USN-612-7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-7"
        },
        {
          "name": "30231",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30231"
        },
        {
          "name": "openssl-rng-weak-security(42375)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
        },
        {
          "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
        },
        {
          "name": "30249",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30249"
        },
        {
          "name": "1020017",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id?1020017"
        },
        {
          "name": "5632",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5632"
        },
        {
          "name": "USN-612-4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-4"
        },
        {
          "name": "USN-612-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-2"
        },
        {
          "name": "TA08-137A",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
        },
        {
          "name": "VU#925211",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/925211"
        },
        {
          "name": "5720",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/5720"
        },
        {
          "name": "30136",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/30136"
        },
        {
          "name": "USN-612-3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-3"
        },
        {
          "name": "USN-612-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-612-1"
        },
        {
          "url": "https://16years.secvuln.info"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40333169"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0166",
    "datePublished": "2008-05-13T17:00:00.000Z",
    "dateReserved": "2008-01-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:39:32.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-4XRG-5554-QFFR

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2025-04-09 03:54

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-13T17:20:00Z",
    "severity": "HIGH"
  },
  "details": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.",
  "id": "GHSA-4xrg-5554-qffr",
  "modified": "2025-04-09T03:54:26Z",
  "published": "2022-05-01T23:28:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0166"
    },
    {
      "type": "WEB",
      "url": "https://16years.secvuln.info"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=40333169"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5622"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5632"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5720"
    },
    {
      "type": "WEB",
      "url": "http://metasploit.com/users/hdm/tools/debian-openssl"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30136"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30220"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30221"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30231"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30239"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30249"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1571"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1576"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/925211"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29179"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020017"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-612-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-612-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-612-3"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-612-4"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-612-7"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTA-2008-AVI-246

Vulnerability from certfr_avis - Published: 2008-05-15 - Updated: 2008-05-15

Une vulnérabilité dans la version de OpenSSH propre aux distributions Debian, Ubuntu ou à leurs dérivés permet à un utilisateur distant de contourner la politique de sécurité ou de porter atteinte à la confidentialité du système vulnérable.

Description

Par effet de bord, la vulnérabilité décrite dans l'avis CERTA-2008-AVI-239 sur OpenSSL, s'applique également au paquetage OpenSSH des distributions Debian et Ubuntu. Tous les bi-clefs ssh engendrés par la commande ssh-keygen fournie par les versions vulnérables de OpenSSH sont donc considérés comme non-fiables et doivent être renouvelés.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

la version de OpenSSH mise en œuvre dans Debian Etch ;
la version de OpenSSH mise en œuvre dans les versions 7.04, 7.10 et 8.04 de Ubuntu.

La version présente dans l'ancienne version stable de Debian : sarge n'est pas vulnérable.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian DSA-1576 du 14 mai 2008	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-612-5 du 14 mai 2008 :	-	other
Bulletin de sécurité Debian DSA 1576 du 14 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003ela version de OpenSSH mise en \u0153uvre dans Debian Etch ;\u003c/LI\u003e    \u003cLI\u003ela version de OpenSSH mise en \u0153uvre dans les versions 7.04,    7.10 et 8.04 de Ubuntu.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLa version pr\u00e9sente dans l\u0027ancienne version stable de Debian :  \u003cSPAN class=\"textit\"\u003esarge\u003c/SPAN\u003e n\u0027est pas vuln\u00e9rable.\u003c/P\u003e",
  "content": "## Description\n\nPar effet de bord, la vuln\u00e9rabilit\u00e9 d\u00e9crite dans l\u0027avis\nCERTA-2008-AVI-239 sur OpenSSL, s\u0027applique \u00e9galement au paquetage\nOpenSSH des distributions Debian et Ubuntu. Tous les bi-clefs ssh\nengendr\u00e9s par la commande ssh-keygen fournie par les versions\nvuln\u00e9rables de OpenSSH sont donc consid\u00e9r\u00e9s comme non-fiables et doivent\n\u00eatre renouvel\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0166"
    }
  ],
  "initial_release_date": "2008-05-15T00:00:00",
  "last_revision_date": "2008-05-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-612-5 du 14 mai 2008 :",
      "url": "http://www.ubuntulinux.org/usn/usn-612-5"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1576 du 14 mai 2008 :",
      "url": "http://www.debian.org/security/2008/dsa-1576"
    }
  ],
  "reference": "CERTA-2008-AVI-246",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la version de OpenSSH propre aux distributions\nDebian, Ubuntu ou \u00e0 leurs d\u00e9riv\u00e9s permet \u00e0 un utilisateur distant de\ncontourner la politique de s\u00e9curit\u00e9 ou de porter atteinte \u00e0 la\nconfidentialit\u00e9 du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans OpenSSH pour Debian et Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1576 du 14 mai 2008",
      "url": null
    }
  ]
}

CERTA-2012-AVI-594

Vulnerability from certfr_avis - Published: 2012-10-22 - Updated: 2012-10-22

De multiples vulnérabilités ont été corrigées dans IBM XIV Storage System. La plus critique concerne une clef faible pour un certificat OpenSSL. La clef a été générée sur un système Debian qui était exposé à un problème d'entropie lors de sa génération.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM XIV Storage System versions antérieures à 10.2.4.c
IBM	N/A	IBM XIV Storage System versions antérieures à 11.0.1.a
IBM	N/A	IBM XIV Storage System versions antérieures à 11.1.1
IBM	N/A	IBM XIV Storage System versions antérieures à 10.2.4.e

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ssg1S1004218 du 18 octobre 2012	None	vendor-advisory
Bulletin de sécurité IBM ssg1S1004219 du 18 octobre 2012	None	vendor-advisory
Bulletin de sécurité IBM ssg1S1004217 du 18 octobre 2012	None	vendor-advisory
Bulletin de sécurité IBM ssg1S1004216 du 18 octobre 2012	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM XIV Storage System versions ant\u00e9rieures \u00e0 10.2.4.c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM XIV Storage System versions ant\u00e9rieures \u00e0 11.0.1.a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM XIV Storage System versions ant\u00e9rieures \u00e0 11.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM XIV Storage System versions ant\u00e9rieures \u00e0 10.2.4.e",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2167"
    },
    {
      "name": "CVE-2012-2187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2187"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2008-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0166"
    }
  ],
  "initial_release_date": "2012-10-22T00:00:00",
  "last_revision_date": "2012-10-22T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-594",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM XIV Storage System\u003c/span\u003e. La plus critique concerne\nune clef faible pour un certificat OpenSSL. La clef a \u00e9t\u00e9 g\u00e9n\u00e9r\u00e9e sur un\nsyst\u00e8me \u003cspan class=\"textit\"\u003eDebian\u003c/span\u003e qui \u00e9tait expos\u00e9 \u00e0 un\nprobl\u00e8me d\u0027entropie lors de sa g\u00e9n\u00e9ration.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM XIV Storage System",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ssg1S1004218 du 18 octobre 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ssg1S1004219 du 18 octobre 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ssg1S1004217 du 18 octobre 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ssg1S1004216 du 18 octobre 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004216"
    }
  ]
}

GSD-2008-0166

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0166

Aliases

CVE-2008-0166

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0166",
    "description": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.",
    "id": "GSD-2008-0166",
    "references": [
      "https://www.debian.org/security/2008/dsa-1576",
      "https://www.debian.org/security/2008/dsa-1571"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0166"
      ],
      "details": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.",
      "id": "GSD-2008-0166",
      "modified": "2023-12-13T01:22:58.995360Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0166",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-1576",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1576"
          },
          {
            "name": "5622",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/5622"
          },
          {
            "name": "30221",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30221"
          },
          {
            "name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
            "refsource": "MLIST",
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
          },
          {
            "name": "DSA-1571",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "name": "29179",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29179"
          },
          {
            "name": "20080515 Debian generated SSH-Keys working exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
          },
          {
            "name": "30239",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30239"
          },
          {
            "name": "30220",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "name": "USN-612-7",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-612-7"
          },
          {
            "name": "30231",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30231"
          },
          {
            "name": "openssl-rng-weak-security(42375)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
          },
          {
            "name": "http://metasploit.com/users/hdm/tools/debian-openssl/",
            "refsource": "MISC",
            "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
          },
          {
            "name": "30249",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30249"
          },
          {
            "name": "1020017",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020017"
          },
          {
            "name": "5632",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/5632"
          },
          {
            "name": "USN-612-4",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-612-4"
          },
          {
            "name": "USN-612-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-612-2"
          },
          {
            "name": "TA08-137A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
          },
          {
            "name": "VU#925211",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/925211"
          },
          {
            "name": "5720",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/5720"
          },
          {
            "name": "30136",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30136"
          },
          {
            "name": "USN-612-3",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-612-3"
          },
          {
            "name": "USN-612-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-612-1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8EEFA1C8-85D4-425F-A987-29AC6D10C303",
                    "versionEndIncluding": "0.9.8g",
                    "versionStartIncluding": "0.9.8c-1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                    "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
                    "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
          },
          {
            "lang": "es",
            "value": "OpenSSL versi\u00f3n 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de n\u00fameros aleatorios que genera n\u00fameros predecibles, lo que facilita a atacantes remotos la conducci\u00f3n de ataques de adivinaci\u00f3n por fuerza bruta contra claves criptogr\u00e1ficas."
          }
        ],
        "id": "CVE-2008-0166",
        "lastModified": "2024-02-09T02:45:16.693",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2008-05-13T17:20:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/30136"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/30220"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/30221"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/30231"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/30239"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/30249"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1571"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1576"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.kb.cert.org/vuls/id/925211"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/29179"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securitytracker.com/id?1020017"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-4"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-612-7"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://www.exploit-db.com/exploits/5622"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://www.exploit-db.com/exploits/5632"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://www.exploit-db.com/exploits/5720"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vendorComments": [
          {
            "comment": "Not vulnerable.  This flaw was caused by a third-party vendor patch to the OpenSSL\nlibrary.  This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages.",
            "lastModified": "2008-05-13T00:00:00",
            "organization": "Red Hat"
          }
        ],
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-338"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2008-0166

Vulnerability from fkie_nvd - Published: 2008-05-13 17:20 - Updated: 2025-04-09 00:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://metasploit.com/users/hdm/tools/debian-openssl/	Broken Link
cve@mitre.org	http://secunia.com/advisories/30136	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30220	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30221	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30231	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30239	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30249	Broken Link, Vendor Advisory
cve@mitre.org	http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1571	Mailing List, Patch, Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2008/dsa-1576	Mailing List, Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/925211	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/492112/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/29179	Broken Link, Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1020017	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/usn-612-1	Patch, Third Party Advisory
cve@mitre.org	http://www.ubuntu.com/usn/usn-612-2	Patch, Third Party Advisory
cve@mitre.org	http://www.ubuntu.com/usn/usn-612-3	Third Party Advisory
cve@mitre.org	http://www.ubuntu.com/usn/usn-612-4	Third Party Advisory
cve@mitre.org	http://www.ubuntu.com/usn/usn-612-7	Third Party Advisory
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-137A.html	Broken Link, Third Party Advisory, US Government Resource
cve@mitre.org	https://16years.secvuln.info
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42375	Third Party Advisory, VDB Entry
cve@mitre.org	https://news.ycombinator.com/item?id=40333169
cve@mitre.org	https://www.exploit-db.com/exploits/5622	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/5632	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/5720	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://metasploit.com/users/hdm/tools/debian-openssl/	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30136	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30220	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30221	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30231	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30239	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30249	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1571	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1576	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/925211	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492112/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29179	Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020017	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-612-1	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-612-2	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-612-3	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-612-4	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-612-7	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-137A.html	Broken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://16years.secvuln.info
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42375	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://news.ycombinator.com/item?id=40333169
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5622	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5632	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/5720	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
openssl	openssl	*
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
debian	debian_linux	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEFA1C8-85D4-425F-A987-29AC6D10C303",
              "versionEndIncluding": "0.9.8g",
              "versionStartIncluding": "0.9.8c-1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
    },
    {
      "lang": "es",
      "value": "OpenSSL versi\u00f3n 0.9.8c-1 hasta versiones anteriores a 0.9.8g-9, sobre sistemas operativos basados en Debian usa un generador de n\u00fameros aleatorios que genera n\u00fameros predecibles, lo que facilita a atacantes remotos la conducci\u00f3n de ataques de adivinaci\u00f3n por fuerza bruta contra claves criptogr\u00e1ficas."
    }
  ],
  "id": "CVE-2008-0166",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2008-05-13T17:20:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30136"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30220"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30221"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30231"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30239"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30249"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1571"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1576"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/925211"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29179"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://16years.secvuln.info"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://news.ycombinator.com/item?id=40333169"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/5622"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/5632"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/5720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz\u0026forum_name=rsyncrypto-devel"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/925211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-612-7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://16years.secvuln.info"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://news.ycombinator.com/item?id=40333169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/5622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/5632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/5720"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable.  This flaw was caused by a third-party vendor patch to the OpenSSL\nlibrary.  This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages.",
      "lastModified": "2008-05-13T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-338"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0166 (GCVE-0-2008-0166)

GHSA-4XRG-5554-QFFR

CERTA-2008-AVI-246

Description

Solution

CERTA-2012-AVI-594

Solution

GSD-2008-0166

FKIE_CVE-2008-0166

Tags

Sightings

Nomenclature