CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
opensslopenssl
0.9.8c-1 ≤
𝑥
≤ 0.9.8g
canonicalubuntu_linux
6.06
canonicalubuntu_linux
7.04
canonicalubuntu_linux
7.10
canonicalubuntu_linux
8.04
debiandebian_linux
4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
sarge
not-affected
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
openssl
bullseye
1.1.1w-0+deb11u1
fixed
sarge
not-affected
bullseye (security)
1.1.1w-0+deb11u2
fixed
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
hardy
Fixed 1:4.7p1-8ubuntu1.1
released
gutsy
Fixed 1:4.6p1-5ubuntu0.3
released
feisty
Fixed 1:4.3p2-8ubuntu1.3
released
dapper
Fixed 1:4.2p1-7ubuntu3.4
released
openssh-blacklist
hardy
Fixed 0.1
released
gutsy
Fixed 0.1
released
feisty
Fixed 0.1
released
dapper
Fixed 0.1
released
openssl
hardy
Fixed 0.9.8g-4ubuntu3.1
released
gutsy
Fixed 0.9.8e-5ubuntu3.2
released
feisty
Fixed 0.9.8c-4ubuntu0.3
released
dapper
not-affected
openssl-blacklist
hardy
Fixed 0.1
released
gutsy
Fixed 0.1
released
feisty
Fixed 0.1
released
dapper
Fixed 0.1
released
openvpn
hardy
Fixed 2.1~rc7-1ubuntu3.1
released
gutsy
Fixed 2.0.9-8ubuntu0.1
released
feisty
Fixed 2.0.9-5ubuntu0.1
released
dapper
not-affected
openvpn-blacklist
hardy
Fixed 0.1
released
gutsy
Fixed 0.1
released
feisty
Fixed 0.1
released
dapper
dne
ssl-cert
hardy
Fixed 1.0.14-0ubuntu2.1
released
gutsy
Fixed 1.0.14-0ubuntu0.7.10.1
released
feisty
Fixed 1.0.13-0ubuntu0.7.04.1
released
dapper
not-affected
Common Weakness Enumeration
References
http://metasploit.com/users/hdm/tools/debian-openssl/
http://secunia.com/advisories/30136
http://secunia.com/advisories/30220
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://secunia.com/advisories/30249
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://www.kb.cert.org/vuls/id/925211
http://www.securityfocus.com/archive/1/492112/100/0/threaded
http://www.securityfocus.com/bid/29179
http://www.securitytracker.com/id?1020017
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
https://16years.secvuln.info
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
https://news.ycombinator.com/item?id=40333169
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720
http://metasploit.com/users/hdm/tools/debian-openssl/
http://secunia.com/advisories/30136
http://secunia.com/advisories/30220
http://secunia.com/advisories/30221
http://secunia.com/advisories/30231
http://secunia.com/advisories/30239
http://secunia.com/advisories/30249
http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://www.kb.cert.org/vuls/id/925211
http://www.securityfocus.com/archive/1/492112/100/0/threaded
http://www.securityfocus.com/bid/29179
http://www.securitytracker.com/id?1020017
http://www.ubuntu.com/usn/usn-612-1
http://www.ubuntu.com/usn/usn-612-2
http://www.ubuntu.com/usn/usn-612-3
http://www.ubuntu.com/usn/usn-612-4
http://www.ubuntu.com/usn/usn-612-7
http://www.us-cert.gov/cas/techalerts/TA08-137A.html
https://16years.secvuln.info
https://exchange.xforce.ibmcloud.com/vulnerabilities/42375
https://news.ycombinator.com/item?id=40333169
https://www.exploit-db.com/exploits/5622
https://www.exploit-db.com/exploits/5632
https://www.exploit-db.com/exploits/5720