Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3238

Опубликовано: 18 сент. 2009
Источник: nvd
CVSS3: 5.5
CVSS2: 7.8
EPSS Низкий

Описание

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 2.6.30 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*

EPSS

Процентиль: 47%
0.00241
Низкий

5.5 Medium

CVSS3

7.8 High

CVSS2

Дефекты

CWE-338

Связанные уязвимости

ubuntu логотип

CVE-2009-3238

CVSS3: 5.5
ubuntu
почти 16 лет назад

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

redhat логотип

CVE-2009-3238

redhat
около 16 лет назад

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

debian логотип

CVE-2009-3238

CVSS3: 5.5
debian
почти 16 лет назад

The get_random_int function in drivers/char/random.c in the Linux kern ...

github логотип

GHSA-gq5x-hvxj-cp4r

CVSS3: 5.5
github
около 3 лет назад

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

oracle-oval логотип

ELSA-2009-1106

oracle-oval
около 16 лет назад

ELSA-2009-1106: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 47%
0.00241
Низкий

5.5 Medium

CVSS3

7.8 High

CVSS2

Дефекты

CWE-338