Executive Summary

Information
Name: CVE-2008-0166
First vendor Publication: 2008-05-13
Vendor: Cve
Last vendor Modification: 2022-02-02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score: 7.8
Attack Range: Network
Cvss Impact Score: 6.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-112 Brute Force
CAPEC-281 Analytic Attacks

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:17595
Title: USN-612-3 -- openvpn vulnerability
Description: Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases).
Family: unix
Class: patch
Reference(s): USN-612-3, CVE-2008-0166
Version: 7
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): openvpn

Oval ID: oval:org.mitre.oval:def:17688
Title: USN-612-1 -- openssl vulnerability
Description: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems.
Family: unix
Class: patch
Reference(s): USN-612-1, CVE-2008-0166
Version: 7
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): openssl

Oval ID: oval:org.mitre.oval:def:17770
Title: USN-612-2 -- openssh vulnerability
Description: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems.
Family: unix
Class: patch
Reference(s): USN-612-2, CVE-2008-0166
Version: 5
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): openssh

Oval ID: oval:org.mitre.oval:def:17774
Title: USN-612-4 -- ssl-cert vulnerability
Description: USN-612-1 fixed vulnerabilities in openssl.
Family: unix
Class: patch
Reference(s): USN-612-4, CVE-2008-0166
Version: 7
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): ssl-cert

Oval ID: oval:org.mitre.oval:def:17807
Title: USN-612-7 -- openssh update
Description: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1.
Family: unix
Class: patch
Reference(s): USN-612-7, CVE-2008-0166
Version: 5
Platform(s): Ubuntu 6.06
Product(s): openssh

CPE : Common Platform Enumeration

Type Description Count
Application 5

OpenVAS Exploits

Date Description
2009-03-23 Name : Ubuntu Update for openvpn regression USN-612-10
File : nvt/gb_ubuntu_USN_612_10.nasl
2009-03-23 Name : Ubuntu Update for openssl-blacklist update USN-612-11
File : nvt/gb_ubuntu_USN_612_11.nasl
2009-03-23 Name : Ubuntu Update for openssh vulnerability USN-612-2
File : nvt/gb_ubuntu_USN_612_2.nasl
2009-03-23 Name : Ubuntu Update for openvpn vulnerability USN-612-3
File : nvt/gb_ubuntu_USN_612_3.nasl
2009-03-23 Name : Ubuntu Update for ssl-cert vulnerability USN-612-4
File : nvt/gb_ubuntu_USN_612_4.nasl
2009-03-23 Name : Ubuntu Update for openssh update USN-612-5
File : nvt/gb_ubuntu_USN_612_5.nasl
2009-03-23 Name : Ubuntu Update for openvpn regression USN-612-6
File : nvt/gb_ubuntu_USN_612_6.nasl
2009-03-23 Name : Ubuntu Update for openssh update USN-612-7
File : nvt/gb_ubuntu_USN_612_7.nasl
2009-03-23 Name : Ubuntu Update for openssl-blacklist update USN-612-8
File : nvt/gb_ubuntu_USN_612_8.nasl
2009-03-23 Name : Ubuntu Update for openssl-blacklist update USN-612-9
File : nvt/gb_ubuntu_USN_612_9.nasl
2008-09-04 Name : USN-612-1 through USN-612-11: OpenSSL vulnerability (openssl)
File : nvt/ubuntu_usn-612.nasl
2008-05-27 Name : Debian Security Advisory DSA 1571-1 (openssl)
File : nvt/deb_1571_1.nasl
2008-05-27 Name : Debian Security Advisory DSA 1576-1 (openssh)
File : nvt/deb_1576_1.nasl
2008-05-27 Name : Debian Security Advisory DSA 1576-2 (openssh)
File : nvt/deb_1576_2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45503 Ubuntu Linux ssh-vulnkey authorized_keys Unspecified Options Key Guessing Wea...

45029 OpenSSL on Debian/Ubuntu Linux Predictable Random Number Generator (RNG) Cryp...

Nessus® Vulnerability Scanner

Date Description
2013-03-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-1.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-2.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-11.nasl - Type : ACT_GATHER_INFO
2008-06-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-10.nasl - Type : ACT_GATHER_INFO
2008-06-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-9.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-7.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-8.nasl - Type : ACT_GATHER_INFO
2008-05-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-3.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-4.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-5.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-6.nasl - Type : ACT_GATHER_INFO
2008-05-15 Name : The remote SSH host is set up to accept authentication with weak Debian SSH k...
File : ssh_debian_find_weak_keys.nasl - Type : ACT_GATHER_INFO
2008-05-15 Name : The remote SSL certificate uses a weak key.
File : ssl_debian_weak.nasl - Type : ACT_GATHER_INFO
2008-05-14 Name : The remote SSH host keys are weak.
File : ssh_debian_weak.nasl - Type : ACT_GATHER_INFO
2008-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/29179
BUGTRAQ http://www.securityfocus.com/archive/1/492112/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA08-137A.html
CERT-VN http://www.kb.cert.org/vuls/id/925211
DEBIAN http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
EXPLOIT-DB https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720
MISC http://metasploit.com/users/hdm/tools/debian-openssl/
MLIST http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40s...
SECTRACK http://www.securitytracker.com/id?1020017
SECUNIA http://secunia.com/advisories/30136
http://secunia.com/advisories/30220
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://secunia.com/advisories/30249
UBUNTU http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/42375

Alert History

Date Information
2022-02-03 12:05:17
  • Multiple Updates
2021-05-04 12:06:57
  • Multiple Updates
2021-04-22 01:07:26
  • Multiple Updates
2020-05-23 00:21:05
  • Multiple Updates
2018-10-16 00:19:24
  • Multiple Updates
2017-09-29 09:23:21
  • Multiple Updates
2017-08-08 09:23:48
  • Multiple Updates
2016-04-26 17:00:09
  • Multiple Updates
2014-02-17 10:43:23
  • Multiple Updates
2013-05-11 00:06:19
  • Multiple Updates