CVE-2011-0766

Published May 31, 2011

Last updated a year ago

Overview

Description: The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
Source: cret@cert.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-310

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:erlang:crypto:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5C36D51-22EA-4973-BD37-34A148222677",
            "versionEndIncluding": "2.0.2.1"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r11b-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E83FC35B-457E-461C-939A-2A2DAB1C2461"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r12b-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6C511C8-EE7D-4E4F-829A-8A28A3F5DE7A"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADBDFE1E-0212-4A40-AF37-452469A591DE"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b02-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90FCA4F4-F172-44F8-A7E9-03C4374D8BE3"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E2E62B-42A6-4D2C-80D0-B1AFD8F24E4A"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "586A5C8B-0842-4D1C-A33A-A5E4AB0F7422"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98D07E19-8830-4112-993B-92475F37CB68"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13DF6614-88C8-49CE-97E3-0AD2D3972182"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10182FC9-2DE9-4FAD-8C9D-D5B21A735824"
          },
          {
            "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4106F0A1-8582-46CD-9F8F-1A613B272DF3"
          },
          {
            "criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5FC28F2-797D-4C4E-B9B8-D89A3AAD7950",
            "versionEndIncluding": "2.0.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References