CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The โinternal state trackingโ code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
Vendor | Product | Version | CPE |
---|---|---|---|
freebsd | freebsd | 5.5 | cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:* |
freebsd | freebsd | 6.1 | cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:* |
freebsd | freebsd | 6.2 | cpe:2.3:o:freebsd:freebsd:6.2:*:*:*:*:*:*:* |
freebsd | freebsd | 6.3 | cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:* |
freebsd | freebsd | 7.0 | cpe:2.3:o:freebsd:freebsd:7.0:beta_4:*:*:*:*:*:* |