CVE-2011-0766

Опубликовано: 31 мая 2011

Источник: nvd

CVSS2: 7.8

EPSS Низкий

Описание

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Ссылки

http://secunia.com/advisories/44709
Vendor Advisory
http://www.kb.cert.org/vuls/id/178990
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/47980
Third Party Advisory
VDB Entry
https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
Patch
http://secunia.com/advisories/44709
Vendor Advisory
http://www.kb.cert.org/vuls/id/178990
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/47980
Third Party Advisory
VDB Entry
https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:erlang:crypto:*:*:*:*:*:*:*:*

Версия до 2.0.2.1 (включая)

cpe:2.3:a:erlang:erlang\/otp:r11b-5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r12b-5:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r13b:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r13b02-1:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r13b03:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r13b04:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r14a:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r14b:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r14b01:*:*:*:*:*:*:*

cpe:2.3:a:erlang:erlang\/otp:r14b02:*:*:*:*:*:*:*

cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*

Версия до 2.0.4 (включая)

EPSS

Процентиль: 87%

0.03371

Низкий

7.8 High

CVSS2

Дефекты

CWE-310

Связанные уязвимости

CVE-2011-0766

ubuntu

больше 14 лет назад

CVE-2011-0766

debian

больше 14 лет назад

The random number generator in the Crypto application before 2.0.2.2, ...

GHSA-q2pp-3636-pf45

github

больше 3 лет назад

EPSS

Процентиль: 87%

0.03371

Низкий

7.8 High

CVSS2

Дефекты

CWE-310