Lucene search

MitreCVE-2000-0535

HistoryJul 12, 2000 - 4:00 a.m.

CVE-2000-0535

2000-07-1204:00:00

mitre

web.nvd.nist.gov

cve-2000-0535

openssl 0.9.4

openssh

freebsd alpha

/dev/random

weak keys

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

71.5%

JSON

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

Affected configurations

Nvd

Node

opensslopensslMatch0.9.4

Node

freebsdfreebsdMatch4.0alpha

freebsdfreebsdMatch5.0alpha

VendorProductVersionCPE
opensslopenssl0.9.4cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
freebsdfreebsd4.0cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*
freebsdfreebsd5.0cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	0.9.4	cpe:2.3:a:openssl:openssl:0.9.4:::::::*
freebsd	freebsd	4.0	cpe:2.3:o:freebsd:freebsd:4.0:alpha::::::
freebsd	freebsd	5.0	cpe:2.3:o:freebsd:freebsd:5.0:alpha::::::

References

archives.neohapsis.com/archives/freebsd/2000-06/0083.html

www.securityfocus.com/bid/1340

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

71.5%

JSON

Related for CVE-2000-0535