Nov 26, 2008 - 11:30 p.m.

CVE-2008-5162

2008-11-26 23:30:00
CWE-330
Source: web.nvd.nist.gov
Tags: cve-2008-5162, arc4random, freebsd, entropy source, yarrow random number generator, geom framework, network protocols, security vulnerability

CVSS2: 6.9 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7 High
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.9%)

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function’s return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

Affected configurations

NVD
Node (entries joined by OR), vendor: freebsd, product: freebsd

Range: 6.4–7.0
Match: 6.3-, 6.3p1, 6.3p2, 6.3p3, 6.3p4, 6.3p5
Match: 7.0-, 7.0p1, 7.0p3, 7.0p4, 7.0p5
Match: 7.1-, 7.1p1, 7.1p10, 7.1p12, 7.1p13, 7.1p14, 7.1p15, 7.1p16, 7.1p2, 7.1p3, 7.1p4, 7.1p5, 7.1p6, 7.1p7, 7.1p8, 7.1p9, 7.1rc1, 7.1rc2
