Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2008-0166 | First vendor Publication | 2008-05-13 |
Vendor | Cve | Last vendor Modification | 2024-02-09 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | |||
---|---|---|---|
Overall CVSS Score | 7.5 | ||
Base Score | 7.5 | Environmental Score | 7.5 |
Impact SubScore | 3.6 | Temporal Score | 7.5 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-112 | Brute Force |
CAPEC-281 | Analytic Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-338 | Use of Cryptographically Weak PRNG |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17595 | |||
Oval ID: | oval:org.mitre.oval:def:17595 | ||
Title: | USN-612-3 -- openvpn vulnerability | ||
Description: | Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases). | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-3 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openvpn |
Definition Id: oval:org.mitre.oval:def:17688 | |||
Oval ID: | oval:org.mitre.oval:def:17688 | ||
Title: | USN-612-1 -- openssl vulnerability | ||
Description: | A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-1 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:17770 | |||
Oval ID: | oval:org.mitre.oval:def:17770 | ||
Title: | USN-612-2 -- openssh vulnerability | ||
Description: | A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-2 CVE-2008-0166 | Version: | 5 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openssh |
Definition Id: oval:org.mitre.oval:def:17774 | |||
Oval ID: | oval:org.mitre.oval:def:17774 | ||
Title: | USN-612-4 -- ssl-cert vulnerability | ||
Description: | USN-612-1 fixed vulnerabilities in openssl. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-4 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | ssl-cert |
Definition Id: oval:org.mitre.oval:def:17807 | |||
Oval ID: | oval:org.mitre.oval:def:17807 | ||
Title: | USN-612-7 -- openssh update | ||
Description: | USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-7 CVE-2008-0166 | Version: | 5 |
Platform(s): | Ubuntu 6.06 | Product(s): | openssh |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-23 | Name : Ubuntu Update for openvpn regression USN-612-10 File : nvt/gb_ubuntu_USN_612_10.nasl |
2009-03-23 | Name : Ubuntu Update for openssl-blacklist update USN-612-11 File : nvt/gb_ubuntu_USN_612_11.nasl |
2009-03-23 | Name : Ubuntu Update for openssh vulnerability USN-612-2 File : nvt/gb_ubuntu_USN_612_2.nasl |
2009-03-23 | Name : Ubuntu Update for openvpn vulnerability USN-612-3 File : nvt/gb_ubuntu_USN_612_3.nasl |
2009-03-23 | Name : Ubuntu Update for ssl-cert vulnerability USN-612-4 File : nvt/gb_ubuntu_USN_612_4.nasl |
2009-03-23 | Name : Ubuntu Update for openssh update USN-612-5 File : nvt/gb_ubuntu_USN_612_5.nasl |
2009-03-23 | Name : Ubuntu Update for openvpn regression USN-612-6 File : nvt/gb_ubuntu_USN_612_6.nasl |
2009-03-23 | Name : Ubuntu Update for openssh update USN-612-7 File : nvt/gb_ubuntu_USN_612_7.nasl |
2009-03-23 | Name : Ubuntu Update for openssl-blacklist update USN-612-8 File : nvt/gb_ubuntu_USN_612_8.nasl |
2009-03-23 | Name : Ubuntu Update for openssl-blacklist update USN-612-9 File : nvt/gb_ubuntu_USN_612_9.nasl |
2008-09-04 | Name : USN-612-1 through USN-612-11: OpenSSL vulnerability (openssl) File : nvt/ubuntu_usn-612.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1571-1 (openssl) File : nvt/deb_1571_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1576-1 (openssh) File : nvt/deb_1576_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1576-2 (openssh) File : nvt/deb_1576_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45503 | Ubuntu Linux ssh-vulnkey authorized_keys Unspecified Options Key Guessing Wea... |
45029 | OpenSSL on Debian/Ubuntu Linux Predictable Random Number Generator (RNG) Cryp... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-1.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-2.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-11.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-10.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-9.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-7.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-8.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-3.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-4.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-5.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-6.nasl - Type : ACT_GATHER_INFO |
2008-05-15 | Name : The remote SSH host is set up to accept authentication with weak Debian SSH k... File : ssh_debian_find_weak_keys.nasl - Type : ACT_GATHER_INFO |
2008-05-15 | Name : The remote SSL certificate uses a weak key. File : ssl_debian_weak.nasl - Type : ACT_GATHER_INFO |
2008-05-14 | Name : The remote SSH host keys are weak. File : ssh_debian_weak.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-02-09 09:27:57 | |
2022-02-03 12:05:17 | |
2021-05-04 12:06:57 | |
2021-04-22 01:07:26 | |
2020-05-23 00:21:05 | |
2018-10-16 00:19:24 | |
2017-09-29 09:23:21 | |
2017-08-08 09:23:48 | |
2016-04-26 17:00:09 | |
2014-02-17 10:43:23 | |
2013-05-11 00:06:19 | |