CVE-2008-0166

EUVD-2008-0178
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
0.9.8c-1 ≤
𝑥
≤ 0.9.8g
canonicalubuntu_linux
6.06
canonicalubuntu_linux
7.04
canonicalubuntu_linux
7.10
canonicalubuntu_linux
8.04
debiandebian_linux
4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bullseye (security)
1:8.4p1-5+deb11u3
fixed
sarge
not-affected
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
openssl
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
sarge
not-affected
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
dapper
Fixed 1:4.2p1-7ubuntu3.4
released
feisty
Fixed 1:4.3p2-8ubuntu1.3
released
gutsy
Fixed 1:4.6p1-5ubuntu0.3
released
hardy
Fixed 1:4.7p1-8ubuntu1.1
released
openssh-blacklist
dapper
Fixed 0.1
released
feisty
Fixed 0.1
released
gutsy
Fixed 0.1
released
hardy
Fixed 0.1
released
openssl
dapper
not-affected
feisty
Fixed 0.9.8c-4ubuntu0.3
released
gutsy
Fixed 0.9.8e-5ubuntu3.2
released
hardy
Fixed 0.9.8g-4ubuntu3.1
released
openssl-blacklist
dapper
Fixed 0.1
released
feisty
Fixed 0.1
released
gutsy
Fixed 0.1
released
hardy
Fixed 0.1
released
openvpn
dapper
not-affected
feisty
Fixed 2.0.9-5ubuntu0.1
released
gutsy
Fixed 2.0.9-8ubuntu0.1
released
hardy
Fixed 2.1~rc7-1ubuntu3.1
released
openvpn-blacklist
dapper
dne
feisty
Fixed 0.1
released
gutsy
Fixed 0.1
released
hardy
Fixed 0.1
released
ssl-cert
dapper
not-affected
feisty
Fixed 1.0.13-0ubuntu0.7.04.1
released
gutsy
Fixed 1.0.14-0ubuntu0.7.10.1
released
hardy
Fixed 1.0.14-0ubuntu2.1
released
Common Weakness Enumeration
References
http://metasploit.com/users/hdm/tools/debian-openssl/
http://secunia.com/advisories/30136
http://secunia.com/advisories/30220
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://secunia.com/advisories/30249
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://www.kb.cert.org/vuls/id/925211
http://www.securityfocus.com/archive/1/492112/100/0/threaded
http://www.securityfocus.com/bid/29179
http://www.securitytracker.com/id?1020017
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
https://16years.secvuln.info
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
https://news.ycombinator.com/item?id=40333169
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720
http://metasploit.com/users/hdm/tools/debian-openssl/
http://secunia.com/advisories/30136
http://secunia.com/advisories/30220
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://secunia.com/advisories/30249
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://www.kb.cert.org/vuls/id/925211
http://www.securityfocus.com/archive/1/492112/100/0/threaded
http://www.securityfocus.com/bid/29179
http://www.securitytracker.com/id?1020017
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
https://16years.secvuln.info
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
https://news.ycombinator.com/item?id=40333169
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720