CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
gnuclasspath
𝑥
≤ 0.97.2
gnuclasspath
0.6
gnuclasspath
0.7
gnuclasspath
0.8
gnuclasspath
0.9
gnuclasspath
0.10
gnuclasspath
0.11
gnuclasspath
0.12
gnuclasspath
0.13
gnuclasspath
0.14
gnuclasspath
0.15
gnuclasspath
0.16
gnuclasspath
0.17
gnuclasspath
0.18
gnuclasspath
0.19
gnuclasspath
0.20
gnuclasspath
0.90
gnuclasspath
0.91
gnuclasspath
0.92
gnuclasspath
0.93
gnuclasspath
0.95
gnuclasspath
0.96
gnuclasspath
0.96.1
gnuclasspath
0.97
gnuclasspath
0.97.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
classpath
oneiric
dne
natty
dne
maverick
dne
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
http://www.openwall.com/lists/oss-security/2008/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47574
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
http://www.openwall.com/lists/oss-security/2008/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47574