
CVE-2007-2453
Date: (C)2007-06-11   (M)2023-12-22


The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 1.2
Exploit Score: 1.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018248
BID-24390
SECUNIA-25596
SECUNIA-25700
SECUNIA-25961
SECUNIA-26133
SECUNIA-26139
SECUNIA-26450
SECUNIA-26620
SECUNIA-26664
OSVDB-37114
ADV-2007-2105
DSA-1356
MDKSA-2007:171
MDKSA-2007:196
MDKSA-2007:216
RHSA-2007:0376
SUSE-SA:2007:043
SUSE-SA:2007:051
USN-470-1
USN-486-1
USN-489-1
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
kernel-randomnumber-weak-security(34781)
oval:org.mitre.oval:def:9960

CPE    246
cpe:/o:linux:linux_kernel:2.6.20.11
cpe:/o:linux:linux_kernel:2.6.20.12
cpe:/o:linux:linux_kernel:2.6.20.13
cpe:/o:linux:linux_kernel:2.6.20.14
...

© SecPod Technologies