
CVE-2009-3238
Date: (C)2009-09-18   (M)2024-02-22


The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.5
Exploit Score: 1.8
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

CVSS V2 Severity:
CVSS Score: 7.8
Exploit Score: 10.0
Impact Score: 6.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE

Reference:
SECUNIA-37105
SECUNIA-37351
RHSA-2009:1438
SUSE-SA:2009:054
SUSE-SA:2010:012
USN-852-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
http://patchwork.kernel.org/patch/21766/
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
https://bugzilla.redhat.com/show_bug.cgi?id=499785
https://bugzilla.redhat.com/show_bug.cgi?id=519692
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
oval:org.mitre.oval:def:11168

CWE    1
CWE-338
OVAL    10
oval:org.secpod.oval:def:202123
oval:org.mitre.oval:def:7644
oval:org.secpod.oval:def:700430
oval:org.secpod.oval:def:500599
...

© SecPod Technologies